
How do Phishers target their victims?

The first step is admitting there's a problem...

We hear it a lot: They won’t target me!

And it’s usually because...

  • We’re too small.
  • We won’t show up on their radar.
  • They’re looking for bigger fish (to phish…)

But why… why would they NOT target someone?

Let’s look at HOW they target their victims...

Sending out thousands (or millions) of Phishing emails costs nearly nothing to execute, and it’s wildly effective. All a hacker needs is a list of emails to get started. If the cybercriminal also has any identifying information - first name, last name, role, etc. - they can make their Phishing emails even more convincing.

We are all attracted to our own name... and hackers know it!

Armed with that list of emails, your (un)friendly cyber attacker can launch their (basically free) Phishing campaigns.

How does the hacker get a list of emails?

It’ll frighten you how quickly they can get hundreds or thousands of emails for an organization - with just your domain.

Web Exposure Reports reveal what hackers know about your organization.

The data is there in various places. Hacker groups gather it by everything from scraping the indexed Internet (i.e. what you find from Google) to scouring the Dark Web, using tools that grab every bit of information from across the connected universe. And it’s crazy fast.

Ok, so now the attacker has a giant list of thousands (or hundreds of thousands) of emails from tons of different companies. After all, it only took a domain to start the search.

And remember, it costs virtually zero dollars to send email.

So what’s the next step?

The Red Bull-guzzling cybercriminal fires off tens of thousands (or millions) of fresh Phishing emails.

And then waits…

He (or she or they) waits for someone to stumble. Just waiting for any person out of that mass of Phishing emails to click on a malicious link. That’s when the attacker springs into action.

Up until now, everything has been passive.

Once someone clicks on a Phishing link, the attacker launches the real attack. It’s only after that point that he discovers what value can be derived from the victim organization (and we don’t want it to be you!).

So let’s get back to that earlier question: why would they NOT target someone?

  1. The attack starts with grabbing a ton of email addresses, all by inputting your domain.
  2. Sending Phishing emails to these email addresses is essentially free.
  3. The attacker then sits back (again sips on that energy drink - like the movies, of course) and waits until someone clicks on one of those Phishing emails.
  4. Once an unsuspecting (and untrained) employee falls for a Phish, the waiting stops and action begins.

Notice that the attacker’s time is spent only after a successful entry (i.e. an employee has clicked on a Phishing email).

In reality, a cybercriminal has no reason not to target as many organizations as possible!

Want to learn more?
Click here - simply input your contact info (so we can respond!).
Someone from our team will validate your domain and share your Web Exposure Report.

Joel Cahill

Cybersecurity enthusiast. Entrepreneur.