The best choice would be to compromise a system within the target corporation, install a Web server (if not already available) and create a bogus page designed to collect personal information. The system we use needs to have a domain that seems valid to the victim. If we intend to obtain login information, we need to create a Web site on a server that is convincing to the target victim. If we decide to use malware, we do not really have to worry about the location or domain name of the server since the software is pulled to the victim's computer – the victim does not have to visit the server. We can do this by including a link in our e-mail that downloads malicious software onto the victim's system. We are after corporate login information, company data, and anything else that will allow us to infiltrate the corporation undetected. In a spear phishing attack, we are not concerned with getting personal information to access social networking, auction, or banking sites we are attempting to collect personal information used within the victim's company. Thomas Wilhelm, Jason Andress, in Ninja Hacking, 2011 The Web Site
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |