Creating a phishing page and hosting it on the web is only halfway to hacking someone. Manipulating them into visiting the phishing page is just as important.
There are many ways to trick someone into visiting a phishing page: sending the link on Facebook, Twitter or other social networks, DNS poisoning, website forgery, evil twins, phone phishing and many more. However, the most effective and common method is spear phishing.
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. This technique is by far the most successful on the internet today, accounting for 91% of attacks.
Email provides us with a convenient and powerful communications tool. Unfortunately, it also provides scammers and other malicious individuals with an easy means of luring potential victims.
How Spear Phishing Works
First, criminals need some inside information on their targets to convince them that the emails are legitimate. They often obtain it by hacking into an organization's computer network (which is what happened in the above case), or sometimes by combing through other websites, blogs and social networking sites.
Then they send e-mails that look like the real thing to the targeted victims, offering all sorts of urgent and legitimate-sounding explanations as to why they need your personal data.
Finally, the victims are asked to click a link inside the e-mail that takes them to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs and so on.
Examples of Spear Phishing and How to Spot It
Here are some examples that will help you better understand email phishing. As you can see in the examples below, spear phishing emails are quite convincing and only a few people can spot them.
Crafting a Phishing Email
So, how do you create a phishing email? I'm going to lay out some important things you should consider when making one.
1. Addressing the victim by their name
Avoid openings such as "Dear User", "Dear Customer" or "Hello". As I said above, spear phishing targets a specific organization or individual, so the email should clearly address the recipient by name.
2. Creating Urgency with Legitimate-Sounding Explanations
Create statements that sound urgent but also legitimate. For example: asking people to change their password because someone recently tried to log in to their account, or asking them to confirm whether they made a recent purchase on some site. Similarly, informing them about their account status can also work well.
3. Quality Images and Design
Adding quality images is very important, as it can greatly increase the trust of your victim. Take your time designing the email. You don't have to design the whole email, just some basics like a button, background color, fonts, font size and so on.
4. Hiding Your Phishing Link
You don't want to put your phishing link in the email as plain text. You can simply choose what text to display for the link that redirects your victim to your site.
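A defender-side check that corresponds to point 4 above (and to the "how to spot it" question), added here as an example and not part of the original post: it walks the anchors in an HTML email body and flags any whose visible text shows a domain that differs from the real href host, or whose link is served over plain http. The sample message, domains and function names are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Heuristic: a bare domain or URL appearing in the visible anchor text.
_URL_IN_TEXT = re.compile(r"\b(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


class _AnchorCollector(HTMLParser):
    """Collects (visible text, href) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _host(url):
    return (urlparse(url).hostname or "").lower()


def suspicious_links(html):
    """Return (text, href, reason) for anchors whose displayed text hides a different destination."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        host = _host(href)
        match = _URL_IN_TEXT.search(text)
        if match:
            shown = match.group(1).lower()
            # Allow the shown domain to be the host itself or its parent (www.x.example vs x.example).
            if shown != host and not host.endswith("." + shown):
                findings.append((text, href, "visible domain differs from href host"))
                continue
        if href.lower().startswith("http://"):
            findings.append((text, href, "credential link over plain http"))
    return findings


# Constructed sample email body: a generic-looking reset link plus a display-text mismatch.
SAMPLE_EMAIL = """
<p>Dear Alice,</p>
<p>Someone tried to sign in to your account. Please
<a href="http://login.account-verify.example/reset">reset your password</a> now.</p>
<p>Or go to <a href="https://login.account-verify.example/">https://www.bank.example/secure</a></p>
<p>See our <a href="https://www.bank.example/help">www.bank.example/help</a> page.</p>
"""

if __name__ == "__main__":
    for text, href, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"{reason}: '{text}' -> {href}")
```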