2023 10 11 Spear Phishing Dimitrios

International Air Force Semester
2020-1-EL01-KA203-079068
Cyber Warfare
Spear Phishing
P. Karampelas & D. Lappas Diogo Silva
HAFA AFA
A Social Engineering Attack
A Social Engineering Attack
A bad guy wants to steal personal data
The data is locked - no easy access.
The attacker can’t steal the personal data easily.

If I make a key that can
open the lock then I will be
able to steal the data
I think that you need a
different key. You need
inspiration…
Building Advancing
Reconnaissance
Trust Relationship
Social
Engineering
Attack
If you want to make a phishing e-mail you will
need a message. A big key will help you to get
inspiration for your message
What tool was Salvador Dali using for inspiration?
When the key falls down
and wakes him!
This very brief nap helped

him to dream.
It helped him to be
inspired.
Don’t sleep yet!
You’ll get inspiration

somewhere else…
The inspiration key will help
you to make a message for a
phishing e-mail
Step 1: Information gathering about the victim

phishing e-mail

Step 2: Grouping – categorization of the victim’s information
phishing e-mail

Step 3: Evaluation of information - choose to use the category in which the victim
expresses more liking or spends more time.
phishing e-mail

Step 4: Search for dominant emotion or desires of the victim in the above category
phishing e-mail

Step 5: Mapping the victim's contacts – friends who have the same interests
phishing e-mail

Step 6: Finding a real or imaginary entity (organization or person) that the victim could
trust
phishing e-mail

trust
Step 7: Finding a motive for the victim to follow the instructions included in the e-mail
phishing e-mail

trust
Step 7: Finding a motive for the victim to follow the instructions included in the e-mail
Step 8: Construction of the message
Hey guys…let me show you how to use this template!
I want to steal an
e-banking password
4 comments
User name
User name
Her grandparents lived a war in Her grandparents survived from

Europe the war and rebuilt Europe
She believes that the same

must be done for Syrian
refugees nowadays
Step 3: Evaluation of information - choose to use the category in which the
victim expresses more liking or spends more time.
She believes that Syrian

refugees must stay in their
country
She believes that people who

have survived from a war must
rebuild their country
User name User name User name
Username User name Username

User name
Step 6: Finding a real or imaginary entity (organization or person) that the victim could trust
Step 6: Finding a real or imaginary entity (organization or person) that the victim could trust
https://jrs.net/en/about-us/
Step 7: Finding a motive for the victim to
Her grandparents follow the instructions included in the e-mail
Her grandparents
survived the war
lived a war in
and rebuilt
Europe
Europe
Morphological Analysis
She believes that

the same must She has a friend
be done for with great faith What if…
Syrian refugees in God
nowadays
What if I made a message including:

❖ Refugees of Syria need help
❖ It is better to help them rebuild their
country than become refugees
❖ Church of Jesus has already started a
similar campaign
❖ Her friend gave them her email
Let’s get some

inspiration about this
topic…
Expert quote
Picture tickler
Helping Syrian refugees
Refugees stay in their country
The same happen in Europe
An expert believes the same
Church of Jesus can help
A friend believes in Jesus
Jesus was also a refugee
Her friend gave us her e-mail

Dear (User Name),
My name is L.O. and I am a volunteer nurse of the Jesuit Refugee Service. I have spend
almost all my life in a refugee hospital and I feel sad and angry when I see Syrian people
suffering from the war. Unfortunately, many of my patients die or become refugees to
Europe. But personally, I believe that if we really want to solve this problem we must
help these people stay in Syria and rebuild their beautiful country when the war will
stop. As Amela Koluder claimed “a refugee is someone who survived and can create the
future”.
Dear (User Name),
future”.
Your friend (username) suggested I should contact you, since you share a similar attitude
towards the refugees. If you want to join our efforts, and help Syrian people stay in their
country and not to become refugees, please donate to the Jesus church of Syria. Here is
the relative link: http://...........................
Dear (User Name),
future”.
Your friend (username) suggested I should contact you, since you share a similar attitude
towards the refugees. If you want to join our efforts, and help Syrian people stay in their
country and not to become refugees, please donate to the Jesus church of Syria. Here is
the relative link: http://...........................
Don’t forget that Jesus was a refugee too (Matthew 2:13-19), so he can make us feel
better!
Thank you in advance

L.O.
Now it’s your turn to Step 1: Information gathering about the victim
think as an attacker Step 2: Grouping – categorization of the victim’s information

Step 3: Evaluation of information - choose to use the category
in which the victim expresses more liking or spends more time.
Step 4: Search for dominant emotion or desires of the victim in
Scan this QR-Code to complete the above category
the Assignment or type in the Step 5: Mapping the victim's contacts – friends who have the
link below
same interests
Step 6: Finding a real or imaginary entity (organization or
person) that the victim could trust
Step 7: Finding a motive for the victim to follow the instructions
included in the e-mail
Step 8: Construction of message
https://forms.gle/nnvNawrJYWCMiQky5
Example 1
Dear Mr. Zimmerman,

Recently your colleagues gave you a special gift, an aircraft for your Christmas tree. This gift was delivered
from my company, SMS - Special Military Souvenirs. In my company, we construct miniatures for all type of
military items, even if these belong to history. We also construct souvenirs suitable as gifts for participating
to international exercises.
Please find our analytic catalogue in the link below: http://......
This is a sample picture of our last version of Eurofighter EF-2000 Typhoon 7L-WB, Austrian Air Force
Scale 1 : 72
Format approx. : W 15.2 x L 22.2 x H 7.3 cm
Price : € 102.43
Feel free to ask anything.

Yours sincerely,
Bill McLucifer
CEO of SMS Company
Example 2
Dear Thorsten,
I am Captain George Andrew (serving in the Hellenic Air force) and I am the organiser of the third
military marathon in Athens - Greece. You will receive an invitation to participate in our race in the
near future. The purpose of my email is to invite you to complete a short questionnaire about running
shoes and eating habits of runners, in order to find the right sponsors for the race. As Gordon Getty
claimed “if you have more money than you need, you have to give it away. It's a duty. I get to choose
whom to sponsor, and I like to give to the areas that I know something about”. So, your opinion will
really help us.
Click here http://…….. to answer the questionnaire.
I have already sent this email to all members of the international air power exercise for the
amphibious group. Please feel free to forward my email to everyone you think that can help. Josh can
also help as he has a lot of runner friends.
Thank you in advance,

I hope you will able to join our race,
Cpt George Andrew
Hellenic Air Force
Example 3
Dear customer,
You recently bought a birthday cake for your daughter from our sweet shop. Please rate our services
and you automatically receive a discount coupon for your next order.
Rate here http://…………………………..
Thank you,
Sales manager
Example 4
Dear Thorsten Zimmerman,
Strava application is giving away 100 free entries to the authentic marathon in Athens - Greece
(also free transportation and accommodation). Be one of the lucky runners!
Click as soon as possible here http://............
Every second is valuable…..
Strava promotion team

2023 10 11 Spear Phishing Dimitrios

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

2023 10 11 Spear Phishing Dimitrios

Uploaded by

Copyright:

Available Formats

International Air Force Semester

The attacker can’t steal the personal data easily.

This very brief nap helped

You’ll get inspiration

Step 1: Information gathering about the victim

Step 1: Information gathering about the victim

Step 1: Information gathering about the victim

Step 1: Information gathering about the victim

Step 1: Information gathering about the victim

Step 1: Information gathering about the victim

Step 1: Information gathering about the victim

Step 1: Information gathering about the victim

Her grandparents lived a war in Her grandparents survived from

She believes that the same

She believes that Syrian

She believes that people who

User name User name User name

Username User name Username

She believes that

What if I made a message including:

Let’s get some

Helping Syrian refugees

Refugees stay in their country

The same happen in Europe

An expert believes the same

Church of Jesus can help

A friend believes in Jesus

Jesus was also a refugee

Her friend gave us her e-mail

Dear (User Name),

Dear (User Name),

Dear (User Name),

Thank you in advance

think as an attacker Step 2: Grouping – categorization of the victim’s information

Dear Mr. Zimmerman,

Feel free to ask anything.

Click here http://…….. to answer the questionnaire.

Thank you in advance,

Rate here http://…………………………..

Dear Thorsten Zimmerman,

Click as soon as possible here http://............

Every second is valuable…..

Strava promotion team

You might also like