In this article, we will see how we can use Emkei’s Fake Mailer in order to perform a phishing (whaling) attack.
The main point here is to actually use social engineering method known as – whaling. The term ‘whaling’ refers to spear phishing attacks directed specifically at senior executives and other high-profile targets. In these cases, the content will be crafted to target an upper manager and the person’s role in the company. The content of a whaling attack email may be an executive issue such as a customer complaint or even a reward – or discount on certain products – like in our case.
For better illustration, I will use Emkei to send an email from ‘[email protected]’ to my temporary email address. Have in mind that I do not have access to ‘[email protected]’ and this is a fake email address; but the email content will look like it has been sent from the sales department of XYZ company.
In the email, a hacker – who represents himself as a salesperson from XYZ company – is asking me (the victim) to open the link that will send me directly to website where I need to fill out the form and get 50% discount on latest product; and this is how the social engineering attack is performed in order to get personal information from certain target.
This is how the e-mail should look like in the target inbox: