Forum Thread: What Are Your Email Phishing Tactics?

Hmm, how about this:

"You've been pre-selected for the Greatest Job on Earth.

To know more about the goods of our offer, please go to http://www.thegreatestjobonearth.com"

I don't think spoofed reply addresses and mass attacks work very well anymore (as in, send out 10,000 emails and hope that one person opens it and clicks the link). Maybe it does for some people and I just don't know about cool tools out there?

In my experience, it's much better to have a specific target -- a person, a single company, a meaningful user list connected to each other in some way.

In terms of just getting an email to someone, I think you more or less have to suck it up and buy a domain (find one that offers bitcoins), and set up the necessary records to get a basic email past spam filters. Even then, you run the risk of having the IP blacklisted if you send out too many emails. Depending on your campaign, you might be able to to get away with using a legit gmail address (not connected to your own, obviously). It depends on your target and what you're after from them.

After that, you still have to do some trial and error to ensure that your email won't get sent to spam. Even legitimate ones aren't immune -- there are a lot of guidelines out there intended for legitimate marketers advising them on how not to fall into spam traps (like don't use CAPITAL LETTERS in the subject line, etc). Those rules apply to phishing as well.

From there it's just a matter of social engineering.

There are other little tips and tricks, but that's the general approach I've used. I've had a lot of success, but for every one email that "worked," the previous 10 or 15 failed completely. You have to keep trying and refining your technique.

What about hosting a private email server on a laptop hiding between a VPN? Wouldn't it be more efficient?

Ninja243