Hyrje
Phishing is a fraudulent email designed to get the recipient to click a link, open an attachment or reveal credentials.
Teoria
A modern phishing campaign starts with a pretext: a believable reason the email was sent. The attacker imitates a known brand (Microsoft 365, DHL, a bank, a national ID service) and creates urgency ("your account will be locked in 24 hours") or curiosity ("here is the invoice you requested"). The sender address is often spoofed or uses a look-alike domain (rnicrosoft.com instead of microsoft.com). The email body is carefully styled to match the legitimate brand's templates, sometimes copied HTML-for-HTML.
The payload is usually a link to a credential-harvesting page or a weaponized document. Credential pages are near-perfect clones of the real login page and are hosted on either compromised websites or newly registered look-alike domains. Weaponized documents use macros, ISO containers, LNK shortcuts, HTML smuggling or vulnerable file formats to drop a loader that fetches the real malware. Modern campaigns increasingly use legitimate services — Google Docs, Dropbox, Microsoft OneDrive — as the first hop to blend in with normal traffic and bypass URL reputation filters.
Defenders detect phishing through DMARC/SPF/DKIM alignment checks, domain reputation, content analysis of the email body, sandbox detonation of attachments, and user reporting (the "Report Phishing" button should be one-click in every email client). Training users to recognize the common patterns is a must, but it can never be the only layer — sophisticated phishing fools even experienced security staff.
Mjetet
Mjete testimi dhe trajnimi:
- GoPhish — platformë phishing simulation open-source.
- King Phisher, Evilginx2 (MITM phishing).
- KnowBe4, Cofense — trajnim komercial.
Praktika
Instalim i GoPhish për kampanje të kontrolluar:
./gophish # → admin UI në https://localhost:3333
# Krijo Sending Profile (SMTP), Landing Page (HTML clone), Email Template, Users → CampaignKonfigurim DMARC/SPF/DKIM për të mbrojtur domenin tënd:
# SPF
example.com TXT "v=spf1 ip4:1.2.3.4 -all"
# DKIM (rotuar zakonisht)
default._domainkey.example.com TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkq..."
# DMARC
_dmarc.example.com TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com" Ushtrime
- Zhvillo një kampanje simulim phishing brenda organizatës (me miratim me shkrim).
- Mat click-rate dhe reporting-rate pas 4 javësh trajnim.
Burime
- GoPhish docs.
- M3AAWG — Best Practices for DMARC.
Vlerësimet dhe komentet
Kyçu për të lënë një vlerësim.
Ende pa komente. Bëhu i pari!
Diskutime
Ende pa diskutime. Hap një temë të re