November 16, 2019

You won 500 mills $!!!


F1N4LSH4R3


A few days ago I received an email saying that I had won half a billion dollars from some lottery, and that the only thing I needed to do was to prove my identity and provide a bank account to receive the money. So let us start on the way to the treasure. (ex.1)



First of all, the most important thing that I have learned as a cybersecurity researcher is that there are no gifts. Such an email can land in anyone's inbox, but what should we do with it?

One member of the cyber fraud family of attacks is "phishing": the easiest for the attacker and the most dangerous for the unaware victim, who with one click of a button gives the attacker everything he asked for. Let's dive into the bad hacker's head for a very simple example.

The first step is to build a site that looks like one of the most popular sites nowadays, like Facebook, Instagram or Amazon. As a lazy person who is not keen on building a site from scratch with HTML and CSS, we will "steal" one: go to www.facebook.com (ex.2), inspect the site with F12, copy-paste the code into a new text document and save it as an HTML file. A few cosmetic fixes and we have our login page.

The second step is hosting that site and making it available to the world. There are two options in front of me: free hosting, or hosting on my own computer. The last and no less important thing is to change the URL to make it less suspicious.

The last part, as an attacker: put that site into a well-written email and set up our net for phishing, redirect the input that will be entered, and pray to catch someone.

As victims, we are not always able to recognize these kinds of emails, links, photos or messages that we get during the day, and by mistake we can hand over our credentials ourselves. A few things that are very important to check: the correct spelling of the content, and a relevant and good-looking URL (companies pay money for it). Don't trust unknown sources and don't open their messages or files. If you are a company, make sure to protect yourself and your employees; don't give the golden ticket to strangers.
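One way to automate the URL check described above, as an added example that is not part of the original post: it classifies a link from an email as the real site, a look-alike of one of the brands named in the post, or unknown. The names `BRANDS`, `CONFUSABLES`, `SAMPLES` and `classify_link` are hypothetical, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Brands named in the post and their real domains.
BRANDS = {"facebook": "facebook.com", "instagram": "instagram.com", "amazon": "amazon.com"}
# Constructed, non-exhaustive map of look-alike characters (0->o, 1->l, ...).
CONFUSABLES = str.maketrans("01345", "oleas")
# Constructed sample links, as they might appear in a suspicious email.
SAMPLES = [
    "https://www.facebook.com/login",
    "http://faceb00k-login.example/",
    "https://www.facebook.com.account-verify.example/",
    "https://facebook.com@198.51.100.7/login",
    "https://amazom.example/signin",
]


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url):
    """Return (verdict, brand) for one URL taken from an email."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    for brand, real in BRANDS.items():
        if host == real or host.endswith("." + real):
            return ("legitimate", brand)
    # netloc keeps any "user@" prefix, which can show a trusted name in
    # front of the host the browser actually connects to.
    netloc = parts.netloc.lower().translate(CONFUSABLES)
    words = netloc.replace("-", ".").replace("@", ".").split(".")
    for brand in BRANDS:
        if brand in netloc or any(edit_distance(w, brand) <= 1 for w in words):
            return ("lookalike", brand)
    return ("unknown", None)


if __name__ == "__main__":
    for link in SAMPLES:
        print(classify_link(link), link)
```
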


I will steal your company! (Bad_Hacker)

For companies and enterprises, the "phishing" problem is more dangerous than for a single person. It is not just the loss of a credential for some site; it is the golden ticket for malware and breaches in the company that can cost millions of dollars in damage. Raising employee awareness and investing in anti-phishing software is a good place to start. Without a doubt, these mind-blowing phishing statistics will provide you with plenty of food for thought in that regard.

Some interesting facts from https://hostingtribunal.com/blog/phishing-statistics/:

Fascinating Phishing Statistics

These impressive stats should give you an idea of just how widespread phishing is and how much companies stand to lose from successful phishing attacks.

  • Phishing attempts grew by 65% in 2017. (Source: dashlane blog)
  • Nearly 1.5 million phishing sites are created each month. (Source: dashlane blog)
  • 76% of businesses reported being a victim of a phishing attack in 2018 (Source: Proofpoint).
  • 92% of malware is delivered via email (Source: Alert Logic)
  • In 2017, the average user received an average of 16 phishing emails per month (Source: Alert Logic).
  • 95% of attacks on business networks are the result of successful spear phishing. (Source: ExplainHowNow)
  • The average cost of a phishing attack to a mid-sized company is $1.6 million. (Source: dashlane blog)

How Costly Is Phishing?

Given how common and frequent phishing attacks are, you shouldn’t be surprised at their staggering cost.

  • The average cost of a phishing attack to a mid-sized company is $1.6 million. (Source: dashlane blog)
  • Phishing emails are responsible for 94% of ransomware and $132,000 per business email compromise incident. (Source: Phish Insight)
  • In 2018, a breach that involved tampering with or unauthorized access to an application cost $2 million more than a personally identifiable information breach on average. (Source: F5)
  • North Korean national Park Jin Hyok carried out a successful multi-layer attack using phishing as its initial attack vector and stole $81 million from a Bangladesh bank. (Source: F5)
  • In 2018, Google and Facebook lost $100 million as a result of an email phishing scheme. (Source: Inc.)


No one is safe. Know the "other" side and stay prepared.

Best regards and thanks for reading,

F1N4LSH4R3.






