What is Email Phishing
So what is Email Phishing?
Email Phishing is a fraudulent attempt to entice a user to perform an action, often in a message that appears to come from a legitimate business (e.g., your company, your internet service provider, or your bank). Performing that action, such as clicking an email link or opening an email attachment, can lead to exposure of sensitive information such as usernames and passwords, or to a potential compromise of the underlying operating system itself.
Adversaries often send phishing links through email, prompting the victim to click a link within the email body. The target is taken to a phishing page that pretends to be legitimate and authoritative. At this point the phishing page may ask the user to log in, so that credentials can be harvested, or to download a fictitious update which is really a malicious binary.
Email Phishing is an example of a social engineering technique used to deceive users and exploit weaknesses in an organization's security posture. When partnered with email spoofing, Email Phishing can present a look and feel that resembles that of the legitimate business or brand the adversary is impersonating. When done properly, this combination can yield incredibly high click-through ratios, which presents a risk to organizations everywhere.
Email Phishing is one specific type of phishing. Phishing comes in many different forms including, but not limited to:
- Spear Phishing is a phishing attempt directed at specific individuals. Oftentimes, targeting a low number of specific individuals can help a phishing operation remain stealthy.
- Clone Phishing is a phishing attack in which a legitimate vendor is impersonated. Oftentimes this is done by leveraging an existing email which has already been delivered and replacing the primary link with a malicious link that an adversary controls.
- Whaling is a phishing attack specifically directed at senior executives and other high-profile targets within the business. Content is typically crafted to target executive-level folks and tailored toward the organization.
- SMS Phishing (smishing) is when phishing attacks are performed over cell phone text messages as the medium to transfer the content.
- Voice Phishing is when an adversary performs phishing by contacting the target over the phone and attempting to impersonate someone authoritative in an effort to entice the target to perform some action.