Abstract

This chapter discusses the use of impersonation to conduct the email attacks. Impersonation means pretending to be someone that is known to the victim in one degree or another. The use of impersonation in a professional penetration test may appear to be a simple thing—assume a disguise and play a role. For most pentest projects, this may be true. However, if one needs to avoid detection at all costs, impersonation becomes a much more complicated endeavor. To conduct an attack using pretexting, one need to make sure that the disguise is perfect and that the knowledge, language, understanding of geography, and understanding of human psychology is exceptional for the task at hand. If one doesn't want to go through the effort to create a physical disguise, one can choose to perform e-mail attacks using our spear phishing skills to gain information necessary to access the corporate systems of the target organization. The problem with the use of a phishing attack is that one cannot always be assured that they will have access to a server within the target corporation's network in which to conduct the attack.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call