Anatomia e një Email-i Phishing

Fillestar 14 min Inxhinieria Sociale

Hyrje

Phishing is a fraudulent email designed to get the recipient to click a link, open an attachment or reveal credentials.

Teoria

A modern phishing campaign starts with a pretext: a believable reason the email was sent. The attacker imitates a known brand (Microsoft 365, DHL, a bank, a national ID service) and creates urgency ("your account will be locked in 24 hours") or curiosity ("here is the invoice you requested"). The sender address is often spoofed or uses a look-alike domain (rnicrosoft.com instead of microsoft.com). The email body is carefully styled to match the legitimate brand's templates, sometimes copied HTML-for-HTML. The payload is usually a link to a credential-harvesting page or a weaponized document. Credential pages are near-perfect clones of the real login page and are hosted on either compromised websites or newly registered look-alike domains. Weaponized documents use macros, ISO containers, LNK shortcuts, HTML smuggling or vulnerable file formats to drop a loader that fetches the real malware. Modern campaigns increasingly use legitimate services — Google Docs, Dropbox, Microsoft OneDrive — as the first hop to blend in with normal traffic and bypass URL reputation filters. Defenders detect phishing through DMARC/SPF/DKIM alignment checks, domain reputation, content analysis of the email body, sandbox detonation of attachments, and user reporting (the "Report Phishing" button should be one-click in every email client). Training users to recognize the common patterns is a must, but it can never be the only layer — sophisticated phishing fools even experienced security staff.

Mjetet

Mjete testimi dhe trajnimi:

  • GoPhish — platformë phishing simulation open-source.
  • King Phisher, Evilginx2 (MITM phishing).
  • KnowBe4, Cofense — trajnim komercial.

Praktika

Instalim i GoPhish për kampanje të kontrolluar:

./gophish # → admin UI në https://localhost:3333
# Krijo Sending Profile (SMTP), Landing Page (HTML clone), Email Template, Users → Campaign

Konfigurim DMARC/SPF/DKIM për të mbrojtur domenin tënd:

# SPF
example.com TXT "v=spf1 ip4:1.2.3.4 -all"
# DKIM (rotuar zakonisht)
default._domainkey.example.com TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkq..."
# DMARC
_dmarc.example.com TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

Ushtrime

  1. Zhvillo një kampanje simulim phishing brenda organizatës (me miratim me shkrim).
  2. Mat click-rate dhe reporting-rate pas 4 javësh trajnim.

Burime

  • GoPhish docs.
  • M3AAWG — Best Practices for DMARC.

Vlerësimet dhe komentet

Kyçu për të lënë një vlerësim.

Ende pa komente. Bëhu i pari!

Diskutime

Ende pa diskutime. Hap një temë të re