Investigate Phishing Campaigns
First, let us discuss what a phishing campaign is. A phishing campaign is an email scam designed to steal personal information from victims. Threat actors use phishing to obtain sensitive information for fraud, such as credit card details and login credentials, by posing as an organization or person in an email communication.
The pattern seen across the majority of websites on the malicious IP address indicates phishing; some of the websites also appeared to contain a malicious executable file for stealing data.
Here are some screenshots of the malicious sites:
Calculate the webpage’s SHA256 hash:
Phishing websites are frequently simplistic copies of each other, without any bells and whistles since the objective here is to steal user information. That makes the task of investigating them and linking them to other malicious domains a little easier, if they are indeed carbon copies of one another.
To calculate a website’s SHA256 value, you can use the following Kali Linux terminal command:
curl www.mydomain.com | sha256sum
The result is a hash value, which can then be searched on Urlscan and should produce a multitude of results.
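As an added example (not part of the original post), the shell functions below apply the same hashing to a folder of already saved page bodies and list the ones that are byte-for-byte identical, which is what links carbon-copy sites together. The file names and HTML are constructed sample data, and the function names are hypothetical; the third sample differs by a single space to show that any byte change yields a different hash.

```shell
# Added example: group saved page bodies by SHA-256 to spot carbon-copy pages.
# All names and HTML below are constructed sample data, not real sites.

# SHA-256 of a page body read from stdin (same value as `curl ... | sha256sum`).
page_hash() {
    sha256sum | awk '{print $1}'
}

# cluster_pages DIR: print "<hash> <name> <name> ..." for every hash
# that is shared by two or more saved pages in DIR.
cluster_pages() {
    for f in "$1"/*.html; do
        [ -f "$f" ] || continue
        printf '%s %s\n' "$(page_hash < "$f")" "$(basename "$f" .html)"
    done | sort | awk '
        { if ($1 in names) names[$1] = names[$1] " " $2; else names[$1] = $2
          count[$1]++ }
        END { for (h in count) if (count[h] > 1) print h, names[h] }'
}

# Constructed sample: two byte-identical bodies and one that differs by a space.
make_samples() {
    body='<html><form action="/post.php"><input name="user"><input name="pass"></form>'
    printf '%s</html>\n'  "$body" > "$1/login-a.example.html"
    printf '%s</html>\n'  "$body" > "$1/login-b.example.html"
    printf '%s </html>\n' "$body" > "$1/login-c.example.html"
}

demo() {
    dir=$(mktemp -d)
    make_samples "$dir"
    cluster_pages "$dir"   # one line: shared hash, then login-a and login-b
    rm -rf "$dir"
}

demo
```

Because the match is exact, pages that embed a timestamp, token or other per-request value will not cluster this way even when they come from the same template.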
Examine security certificates:
Phishing websites generally do not enable a security certificate for an HTTPS encrypted connection, but some of them do. Nowadays threat actors obtain free security certificates for their fake websites in order to add another layer of purported legitimacy to the phishing sites; after all, many people still erroneously believe that the “green padlock” symbol in the browser means the website they visit is real and that the information they enter into it is fully secure.