Aim
What an attacker would use to hack the victim's computer with a 5 step phishing email to raise awareness by explaining how easy it is to encrypt and demand ransom.
PHASE 1: Generate Malicious> The attacker creates a malicious Microsoft Office document.
PHASE 2: Spreading the Pest by Email
The malicious document created by the attacker is being listened to.
The attacker is editing the website for the malware.
Attacker copies a bank's email template.
Attacker copying a bank's email template. (above keep the same subtitle)
Redirects link in offensive email to malicious software.
The attacker sends the email to the targeted email addresses .
Attacker expects victims to click on the link.
Victimone of opens malicious email and clicks on the link inside.
PHASE 3: Remote Access> The attacker is running code remotely on the victim's system for encryption.
PHASE 4: Encryption
The attacker encrypts all files on the victim's computer.
PHASE 5: Ransom Request> Attacker from victim to restore encrypted files bitcoin.
Lessons Learned
Spelling Rules: While paying attention to spelling rules in e-mails from a corporate company, an attacker can make mistakes at this point.
Fake Links: No corporate company asks you to provide your password, credit card number (especially expiration date, CVV information) or TC does not request your ID card information via links in the e-mail.
Psychological Expressions: Kin the message sent to the victim, there may be expressions that activate the victim. For example, “You must confirm your email within 2 hours!”.
Bender Links: It's the easiest form of attack, but it works great. An attacker can deceive the victim by creating a link very similar to a corporate company's web address. For example: “instead of oguzbank.com oguzbank.corn”
E-Mail Templates:Corporate companies pay close attention to their email templates. While playing on these email templates, the attacker misplaced things or turned the eyeninto a format that would seem inappropriate to you
To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.