Phishing Email Campaign: Mimicking and Spoofing – Another Social Engineering Technique

Phishing attacks are a combination of different technique in order to lead their victim to the fake login page that they have created in order to harvest information. These attacks won’t stop, because in this age of information there are still those who still fall for such tricks due to the evolution of this criminal activity.
Lately the European Union is almost nearing its date on implementing the General Data Protection Regulations (GDPR) which is sure to affect companies on how data will be handled. Therefore prompting these affected companies into blasting customers with email announcements regarding changes in their privacy policies and terms of service.

Recently phishing authors targeted Airbnb as the company announced to its users the changes in their policies which will take effect on 25th of May this year.

What the phishing authors did was to craft emails that are similar to a legitimate Airbnb email blast and then send their own version of email blast to EU based email addresses that are possibly signed up on Airbnb. The source of the potential victims email address could have come somewhere from a leaked database which was exposed online in the dark web.

Ironically the new data protection regulations that were meant to protect data is being used by the phishing author to advance the success of its own activities.

Phishing activities are becoming more difficult to identify, because the people behind it are learning new ways to improve their techniques in order to trick more people. They are getting more sophisticated on par with how technology and anti-phishing methods. Therefore the phishing intelligence must also keep up and find ways to improve awareness of the common users and techniques to track down and eliminate sources.

Here are tips to avoid getting caught in the net of a phishing attempt:

  • Whenever reading emails or any online material, as much as possible do not click an in-built link.
  • Always open websites using your browser by typing in the official website URL.

There is a high chance that other companies as well will be targeted and be taken advantage of the same way Airbnb got.


About the author

Leave a Reply