Spear-phishing attack vector
A spear-phishing attack vector is an e-mail attack scenario that is used to send malicious mails to target/specific user(s). In order to spoof your own e-mail address you will require a sendmail
server. Change the config setting to SENDMAIL=ON
. If you do not have sendmail
installed on your machine then it can be downloaded by entering the following command:
root@bt:~# apt-get install sendmail Reading package lists... Done
Getting ready
Before we move ahead with a phishing attack, it is imperative for us to know how the e-mail system works.
Recipient e-mail servers, in order to mitigate these types of attacks, deploy gray-listing, SPF records validation, RBL verification, and content verification. These verification processes ensure that a particular e-mail arrived from the same e-mail server as its domain. For example if a spoofed e-mail address, <[email protected]>
arrives from IP 202.145.34.23
it will be marked as malicious as this IP address does not...