You have been asked to create a spear phishing email that will entice the faculty and staff of the Trent University Forensics Department into visiting your website, which is configured to automatically install malware on their computers.
What planning would you do prior to sending the email?
Write the contents of the email.
Why do you think that this would be an effective phishing
attack?
Disclaimer:-Attention!,my intension is not to promote the phishing and phishing related frauds.It is obviously a harmful thing and also a cyber crime.I am just answering the question so that the readers can get to know what actually the phishing is and how phishing mails look like, so that they can prevent themselves from being the victim of cyber crime i.e phishing.
Okay now lets come to question:-
First of all lets see what Phishing actually is:-
Phishing is the illegal attempt to gain someone`s sensitive information such as passwors,credit card details etc by pretending yourself as a trustworthy person.
Usually a link is given in the mail by clicking on which a user is forced to install a software that contains malware in it.
Q:-1:-What planning would you do prior to sending the email?
Well,prior to sending the phishing mail I would first of all get to know the E-mail ids of the the faculty and staff of the Trent University Forensics Department so that I could send the phishing E-mails to all of them.I will send them to all of them and not to the chosen ones because more the people,more are the chances among them to become the victims(as some of them might be able to guess that this is a phishing mail therefore number of people should be more.)
After knowing the E-mail ids of all of them, I will install a malware on my website who`s link I will be providing with the phishing mail so that if the victim access the website,the malware gets installed on his/her computer and I might get all the information I need.
Q:-2:-Write the contents of the email.
From:-ViceChancellor_Trent [email protected](I will make a fake id pretending to be the vice chancellor of university.)
To:-abc,xyz,wty,edf(Here I will write E-mail ids of the faculty and staff that I have gathered information prior sending the mail)
Subject:-Regarding updation in database.
Respected faculty/staff member of the forensics department.This is my new E-mail id as I have lost the password for previous one.From now onwards you will get mails by my side from this E-mail id.Here is the information for you.
Our University updates the data in the database such as faculty name,date of joining,account number etc after every 5 years.Therefore all the faculty members and the staff members are requested to update their details in the database by clicking on the link given below.This has to be done ASAP.
https://www.xyz.com/
Q-3:-Why do you think that this would be an effective phishing attack?
Yes,I think that this is an effective phishing attack because first of all I have mentioned that this is my new mail id as the password of previous is lost.By reading this the reader will really feel that it is a legit mail from the new mail id of the vice chacellor.This will trick their brain to believe into the fact that this is a legit mail id.
Iti is effective for me(attacker) as well because when the user will click on that link to update their details then the malware will be installed to their system and also the account number entered by all of the users can be used by attacker for misuse.
Hope it helps..
Thankyou..... :-)
Get Answers For Free
Most questions answered within 1 hours.