Wednesday, January 17, 2018

2017 Phishing Contest: A solid targeted phish

This is an example of one of the contest entries that I wanted to share for educational purposes.  You can learn more about the phishing contest here:  http://www.w6fdo.com/2018/01/our-2017-phishing-contest.html

The submission below was a solid winner.  If it weren’t for the fact that the sender’s name was different from the name in the signature, I would probably have investigated the attachment to see if it was safe to open. =)

In this “phish”, Cody did some research online about me.  While many know that I am a fly fisherman, he discovered on LinkedIn that I am also a supporter of “Project Healing Waters”*, and used that to offer me free fly rods (they are expensive, so you can imagine the potential excitement =).  The paragraph is a natural introduction of the sender “Aleks” and has many elements of professionalism and real marketing in the language.  In fact, this is a real company (he misspelled the domain in the email address) and “Alex” Maslov is the real CEO.
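The two tells described above (a sender name that does not match the signature, and a sender domain that is a near-miss of a real one) can be checked mechanically. The sketch below is an added example, not part of the contest entry; the domain `flyrod-company.example`, the sample message, and the function names are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the recipient really corresponds with (placeholder values).
KNOWN_DOMAINS = {"flyrod-company.example", "projecthealingwaters.org"}

# Constructed sample message; not the contest entry itself.
SAMPLE = """\
From: "Aleks Maslov" <aleks@flyrod-compny.example>
Subject: Fly rods for Project Healing Waters supporters

We would like to send you two rods. Please fill out the attached form.

Best regards,
Alex Maslov
"""

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, known=KNOWN_DOMAINS, max_dist=2):
    """Known domain that `domain` nearly (but not exactly) matches, else None."""
    d = domain.lower()
    near = [k for k in sorted(known) if 0 < edit_distance(d, k) <= max_dist]
    return None if d in known or not near else near[0]

def signature_name(body):
    """Heuristic: the line that follows a closing such as 'Best regards,'."""
    m = re.search(r"(?im)^(?:best |kind )?(?:regards|sincerely|thanks),?\s*\n\s*([^\n]+)", body)
    return m.group(1).strip() if m else None

def triage(raw):
    """Return findings for the two tells: lookalike domain, name mismatch."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"])
    real = lookalike_of(addr.rpartition("@")[2])
    signed = signature_name(msg.get_payload())
    findings = [f"sender domain resembles {real}"] if real else []
    if signed and display and signed.lower() != display.lower():
        findings.append(f"From name {display!r} differs from signature {signed!r}")
    return findings
```

Calling `triage(SAMPLE)` returns both findings for the constructed message. A message from an exact known domain whose signature matches the From name returns an empty list.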

In this instance, Cody utilized an attachment as the “hook”.  In real life, this attachment could contain malicious macros, or simply be a way to harvest personal information from me if I filled it out (such as tax info they need for the “gift”).



Remember to always be suspicious about something you receive that you don’t expect.  Very nice job, Cody!!


* Project Healing Waters is dedicated to the physical and emotional rehabilitation of disabled active military service personnel and disabled veterans through fly fishing.  More info here: http://www.projecthealingwaters.org/
