A recently conducted ethical phishing (New study details the dynamics of successful phishing) experiment impersonating LinkedIn by mailing invitations coming from Bill Gates, has achieved a 100% success rate in bypassing the anti-spam filters it was tested against.
The experiment emphasizes on how small-scale spear phishing campaigns are capable of bypassing anti-spam filters, and once again proves that users continue interacting with phishing emails.
More info on the methodology used:
“This scenario was an invitation from Linkedin, posing as an invitation from Bill Gates to join his network. Linkedin was selected due to availability, and the fact that it is a social network recognized by most executives. This selection of Linkedin was also based on the fact that linked-in email should be already identified by most existing email system(s), and this may have helped delivery through into the mailbox. The phishing link can be identified in the HTML source code below.
The Phishing site was based on the Linkedin sign in page. The form action was changed so that the user would be redirected to a subsequent page on our site. No usernames or passwords were collected during this assessment. All targeted users were contacted before the phishing email was sent, and were expecting a Linkedin invitation from Bill Gates.”
Continue Reading at ZDNet Blogs
