Monday, January 22, 2018
2017 Phishing Contest: An account harvester
This is another example of one of the contest entries that I wanted to share for educational purposes. You can learn more about the phishing contest here: http://www.w6fdo.com/2018/01/our-2017-phishing-contest.html
The submission below was a beauty. It’s a great example of a targeted email to a group (Monterey County Library users) that could easily have been sent to thousands of people. Combined with fake websites that can easily be created, its intent was to harvest account and personal information. It’s professionally done, and many have said that they would have clicked the links and entered their information right away (even if it wasn’t supposedly sent from a real librarian =).
Remember to always be suspicious about something you receive that you don’t expect or seems unusual. Contact the sender using a different means. Very nice job Kris!!