How to Perform a Phishing (whaling) attack via Emkei’s Fake Mailer

  • Posted by Husein
  • Date February 28, 2020
In this article, we will see how we can use Emkei’s Fake Mailer in order to perform a phishing (whaling) attack.
The main point here is to actually use social engineering method known as – whaling. The term ‘whaling’ refers to spear phishing attacks directed specifically at senior executives and other high-profile targets. In these cases, the content will be crafted to target an upper manager and the person’s role in the company. The content of a whaling attack email may be an executive issue such as a customer complaint or even a reward – or discount on certain products – like in our case.
For better illustration, I will use Emkei to send an email from ‘sales@XYZcompany’ to my temporary email address. Have in mind that I do not have access to ‘sales@XYZcompany’ and this is a fake email address; but the email content will look like it has been sent from the sales department of XYZ company.
In the email, a hacker – who represents himself as a salesperson from XYZ company – is asking me (the victim) to open the link that will send me directly to website where I need to fill out the form and get 50% discount on latest product; and this is how the social engineering attack is performed in order to get personal information from certain target.

This is how the e-mail should look like in the target inbox:

and

Also, keep in mind that hackers can use attachments to deliver a malicious software to the victims’ e-mail inbox.
Tools that have been used in the article:
https://emkei.cz/ – Emkei’s Fake Mailer

https://temp-mail.org/ – for temporary e-mail address;

author avatar
Husein

an ethical hacker and bug bounty hunter who enjoys listening original soundtracks.

You may also like

PwnTools
Introduction to PwnTools
4 November, 2024
Buffer-Overflows-Rewriting-EIP-to-Control-Execution
Buffer Overflows: Rewriting EIP to Control Execution
1 November, 2024
Track Down a Picture’s Location Easily
Track Down a Picture’s Location Easily
30 October, 2024

    3 Comments

  1. Anwar
    March 24, 2020

    Hi Husein,

    Thanks for your article. The emails sent from this and using Emkei’s fake mail will automatically be filtered as Spam. Any ideas how to game that?

    Best,
    Anwar

  2. emma
    May 7, 2020

    same issue email marked as spam any solution

  3. Jyotisko Sengupta
    September 13, 2020

    Emkei’s smart mailer will mark the mail as spam. Use any other website.

Leave A Reply