During social engineering exercises, one of the difficulties we face is to get a person to click a link or open an attachment. For the past few decades, we haven’t seen much changes in it. A rather, *sad* part even, a few days ago; Cisco researchers wrote about a quite aggressive malware; Rombertik. While being relatively technically advanced (uncalled functions, anti debugging techniques, etc), one of the modes of distribution is through phishing emails, and quite bad one at that:
A better way is to do targeted attacks; i.e: spear phishing attacks, where you focus your attack on a few people, rather than just casting a net and seeing what sticks.
For this, during social engineering engagements, we often like to use the following 2 techniques:
- Fake CC
- Fake email thread