Fishing VS Phishing

Mane Hambardzumyan

FISHING

Fishing is the activity of trying to catch fish. Fish are often caught in the wild but may also be caught from stocked bodies of water. Techniques for catching fish include hand gathering, spearing, netting, angling and trapping.

PHISHING

​

​

1. Deceptive Phishing
2. Spear Phishing
3. Whaling
4. Vishing
5. Smishing
6. Pharming

​

PHishing is the activity of trying to catch sensitive info. (mainly) Techniques for phishermen:

Pharming

Or Local

Tools

What tools can be used for phishing ?

• King-phisher
• GoPhish
• Infosec IQ
• LUCY
• Social-Engineering Toolkit (SET)
• Manual (Make your own :D )

The Process of phishing (Not technical)

1. Recon your target
2. Make a scenario
3. Make a web page/attachment
4. Buy a domain and static IP address/server
5. SMTP server
6. Setup your tool and campaign

CEO

WE

RECON YOUR TARGET

1. OSINT
2. OSINT
3. OSINT

Main things…

1. Organization info (even brief)
2. Logo and signature
3. Department information
4. Used technologies internally
5. Hobbies or daily used apps (if individual)
6. Activate STALKER mode :)

😈

Phishing mail with signature

Make a web page

I don’t know HTML CSS, what to do?

TOOOOOOOLS

1. HTML CSS builder… + JS hook

https://nicepage.com

OR

2. Open source web page cloning tools

Buy a domain with …

1. I -> L (similar letters)
2. GrammEr mistakes
3. UTF-8 or Punycode
1. Unicode -> ‘ευχαριστώ’
2. ASCII -> xn--mxahn5algcq2e

​

Free domain providers

Dot.tk, Freenom

​

Mailserver

1. Google
2. Any other Mailserver

​

Why G Suite and what it provides?

1. Can bypass most of spam patterns because it is trusted.
2. Google verification TXT record in DNS configuration of the domain
3. MX verification records
4. Passcode for Third Party applications (More secure than providing your creds of email)

…

​

Excel Macro

King Phisher Brief Intro