Trustzone

How to produce a phishing email (in 5 minutes)

It takes about 5 minutes to produce a phishing email that appears to be sent from a public or private organisation trusted by the recipient. Here is how hackers do it.

How to produce a phishing email (in 5 minutes)

HOW TO PRODUCE A PHISHING EMAIL (IN 5 MINUTES)

You don’t need to be a genius hacker to make an effective phishing campaign.

It takes about 5 minutes to produce a phishing email that appears to be sent from a governmental institution of your choice or a private corporation trusted by the recipient.

In this video you’ll see for yourself how easy it is to give an impression of sending emails from addresses, such as bill.gates@microsoft.com, d.trump@whitehouse.gov or maybe f.raud@bankofengland.co.uk.

Yes, it’s that easy to gain a smooth starting point while trying to lure credit card information or other sensitive data from people on your list of email addresses.

SEE HOW IT IS DONE IN THIS VIDEO

97% DO NOT SEE THROUGH PHISHING EMAILS

Look at the spam mails you have already identified as phishing attempts - are they not amusing and amateurishly made? 'Hackers' who send emails, such as bill.gates@michrosoft.com where the domain is mis-spelled, which is meant to be overlooked by the recipient, do not really know what they are doing.

In minutes phishing can be done much more authentically.

Imagine then, that a real hacker sits down to make a concentrated effort to cheat you via a phishing campaign. You almost need to be a professional yourself to find out that there is something terribly wrong. This is consistent with figures given by the security department of US tech giant Intel, namely, that 97% of those who receive phishing emails never find out that someone is trying to hack them.

PHISHING: MANY, MANY MORE ATTACKS!

According to PhishMe's Enterprise Phishing Resilience and Defense Report, phishing attempts have grown by 65% within the last year. According to the Wombat Security State of the Phish, 76% of respondents from England and the United States reported that they were in one way or another exposed to a phishing attack within the last year. According to Verizon Data Breach Investigations Report, 30% of recipients open phishing messages, while 12% click on the malicious links or attachments. According to the SANS Institute, 95% of all business network attacks are the result of successful phishing. According to Symantec, the number of phishing attacks has generally increased for all sizes of companies and in all industries - no type of business is immune. According to Webroot Threat Report, nearly 1.5 million new phishing websites are created every month.

SUCCESSFUL PHISHING ATTACKS COST $1.6 MILLION ON AVERAGE

$ 1.6 million is the average cost that a medium-sized company pays for a phishing attack that ends up being a success.

For companies from the US, the price is $ 1.8 million.

However, the high direct financial loss is only part of the story. Damages include decline in stock prices. Among other negative effects respondents experience loss of reputation and even customers, notes the report that is authored by Cloudmark Security.

Source https://blog.cloudmark.com/2016/01/13/survey-spear-phishing-a-top-security-concern-to-enterprises/ 

STUDIES BY DELOITTE AND AVIVA SUPPORT THE NUMBERS

According to Deloitte, one third of the customers, asked in their 2015-investigation, said that they would stop buying from a company if the company had experienced a breach of cyber security - even if the customer had not suffered a significant loss.

If your company is under attack from a hacker, 60% of customers will consider leaving you and 30% will actually do so, says a somewhat similar study from Aviva.

DIGITAL SIGNATURE - A SHIELD AGAINST PHISHING

You protect yourself against phishing by educating your coworkers to take their precautions. Talk to your colleagues. Show them what they need to pay attention to. Teach them to spot malicious emails and websites that emails link to.

You can dodge distrust from worried mail recipients altogether by deploying digital signature. That way recipients of your emails can be sure that the mail is send from you and only you - or your department or company as such for that matter – depending on how and whom the signature is issued to.

To get a digital signature you must be validated to a varying extent as a person, employee, department and/or company.

The validation process and the S/MIME technology used, while employing digital signature, guards you against identity thefts. When customers, users, coworkers or other stakeholders receive mails from you, they’ll immediately inform themselves of your true identity, simply by exploring your digital signature. This will only take a few clicks.

A digital signature can be used for emails you send on behalf of yourself as a person - on behalf of a department in your company or the company as a whole.

The best solution for you entirely depends on your needs.

Read more about the different digital signatures

Remember that the S/MIME certificate you buy at TRUSTZONE also enable you to encrypt your emails. In addition, they let you sign your Microsoft Office documents. Click above - read all about it.

… Or call us for personal counseling in your native language at +45 88 33 10 00

Published: June 26, 2018