Subina Bohora

This document is a report on phishing attacks. It discusses the subject matter of phishing, providing statistics on how phishing has impacted companies like Home Depot, which lost $62 million to phishing attacks. The report includes an acknowledgements section thanking those who helped with the project. It also includes sections on the background, literature review of case studies, a demonstration of carrying out a phishing attack, conclusions on legal, ethical and social issues, and references. The aim is to inform people about destructive phishing activities and the report provides an in-depth analysis of phishing with the goal of raising awareness.


Module Code & Module Title

CC6051NI ETHICAL HACKING

Assessment Weightage & Type


50% Report

Semester
2020 Spring

Student Name: Subina Bohora


London Met ID: 19031489
College ID: NP01NT4A190034
Assignment Due Date: 11th May, 2022
Assignment Submission Date: 11th May, 2022
Word Count (Where Required): 2000

I confirm that I understand my coursework needs to be submitted online via Google Classroom under the
relevant module page before the deadline in order for my assignment to be accepted and marked. I am
fully aware that late submissions will be treated as non-submission and a mark of zero will be awarded.
ABSTRACT

Phishing is a long-standing fraud that is still growing. In this study we have gathered
information on the new and improved methods phishers use to defraud people without their
awareness or consent, and we present several case studies based on real-life incidents.
According to Home Depot Company research, the United States and Canada lost $62
million, of which only $27 million was compensated by insurance and the rest is still
unknown. Our primary goal is to keep people informed of every destructive activity
perpetrated by attackers.

ACKNOWLEDGEMENT

I would like to thank my teacher Ganesh Subedi who gave me this opportunity to work on
this project. I got to learn a lot from this project about Phishing Attacks and its causes in
the world.

At last, I would like to extend my heartfelt thanks to my parents because without their help
this project would not have been successful. Finally, I would like to thank my dear friends
who have been with me all the time.
Contents
1. Introduction .............................................................................................................. 1
1.1. SUBJECT MATTER .............................................................................................. 1
1.2. AIM AND OBJECTIVES ....................................................................................... 5
1.2.1. AIM ................................................................................................................. 5
1.2.2. Objectives ...................................................................................................... 5
2. BACKGROUND AND LITERATURE REVIEW .............................................................. 6
2.1. INDEPTH .............................................................................................................. 6
2.2. LITERATURE REVIEW ........................................................................................ 7
1. Case 1 .................................................................................................................. 7
2. Case 2 .................................................................................................................. 7
2.3. TOOLS AND TECHNOLOGIES............................................................................ 8
1. Kali Linux ............................................................................................................. 8
3. ATTACK DEMONSTRATION ........................................................................................ 9
3.1. DEMONSTRATION .............................................................................................. 9
3.2. RECOMMENDATION ......................................................................................... 14
4. CONCLUSION .......................................................................................................... 15
4.1. CONCLUSION .................................................................................................... 15
4.2. Legal, Ethical, and Social Issues ........................................................................ 15
1. Legal Issues ....................................................................................................... 15
2. Social Issues ...................................................................................................... 16
3. Ethical Issues ..................................................................................................... 16
5. REFERENCES AND BIBLIOGRAPHY...................................................................... 17
References .................................................................................................................... 17
Bibliography .................................................................................................................. 20
6. APPENDIX ................................................................................................................ 22
6.1. Subject Matter..................................................................................................... 22
6.2. Literature review ................................................................................................. 22
6.2.1. Case 1 .......................................................................................................... 22
6.2.2. Case 2 .......................................................................................................... 23
List of Figures

Figure 1 Statistics of employee interacting with malicious mails (Johnson, 2021) .......... 2
Figure 2 Phishing Attacks Stats (Richter, 2021) .............................................................. 3
Figure 3 Phishing Attack Percentage (Pitchkites, 2022).................................................. 4
Figure 4 Cloning zphisher tool ......................................................................................... 9
Figure 5 Using Instagram as phishing website .............................................................. 10
Figure 6 Using Traditional Login Page .......................................................................... 10
Figure 7 Using Ngrok.io................................................................................................. 11
Figure 8 Link was developed ......................................................................................... 11
Figure 9 Instagram Login Page is initialized .................................................................. 12
Figure 10 Using Credentials to Login ............................................................................ 12
Figure 11 Using SE Toolkit to make Phishing Mail ........................................................ 13
Figure 12 Gmail was Sent to the victim ......................................................................... 14
CC6051NI ETHICAL HACKING

1. Introduction
1.1. SUBJECT MATTER

Early internet fraudsters used lures to "fish" for passwords and financial data from a wide
sea of unwary internet users, which gave rise to the term "phishing." The origin of the "ph"
spelling has been lost over time, but it was very likely related to hacker naming
conventions such as "phreaks." Phishing is the act of impersonating a legitimate institution
and contacting a targeted individual by email or phone to fool them into providing personal
information such as financial details, credit card numbers, and passwords.

The personal information is then used to gain access to the individual's account, which
can lead to identity theft and financial loss. Phishing is when someone sends an email
pretending to be from a reputable company. It is frequently accompanied by a warning or a
request for information: an account will be closed, a balance is due, or account information
is missing. The email asks the recipient for sensitive information such as bank account
numbers, PINs, or passwords, which the fraudulent website's owners then use to
perpetrate fraud. It may also be characterized as using an alias to circumvent or entrap
security.

The security firm Kaspersky Lab has published a report titled "Financial Cyber Threats in
2014." In this investigation, we discovered that around 30% of phishing assaults target
online customers. As we previously stated, phishing is an online fraud scheme in which
clients are enticed to disclose personal or secret information about their accounts in order
to carry out the phishing hoax. According to Kaspersky's new analysis, approximately 16
percent of phishing crooks utilize the names of various banks known by consumers to
commit the crime, which is far lower than the previous year's figure of just 6 percent.
However, it increased by 1% when people used prominent online shopping websites, and
it increased twofold when people used online payment, which dropped to 5%.
Specifically, banks stated that online payment systems account for 11 percent of assaults
while online shopping sites account for roughly 8% of attacks, according to Kaspersky.
(Malwarebytes, n.d.) (Bowcut, 2022)
SUBINA BOHORA 1

More details are in 6.1. Subject Matter

Facts about Phishing

It is known that around 1.2 million people in the United States of America lost substantial
business between May 2004 and May 2005, that losses reached up to $2 billion yearly in
2007, and that in August 2007, 3.6 million people lost US$3.2 billion after their workers
became victims. According to Microsoft, substantial losses from banking fraud, almost all
of it from phishing, grew in the United Kingdom to GB£23.2 million in 2005 from GB£12.2
million in 2004.

Figure 1 Statistics of employee interacting with malicious mails (Johnson, 2021)

Figure 2 Phishing Attacks Stats (Richter, 2021)

Figure 3 Phishing Attack Percentage (Pitchkites, 2022)

1.2. AIM AND OBJECTIVES


1.2.1. AIM

The aim of this project is to research and develop a report about phishing and its
techniques, along with demonstrating a phishing attack in VMware.

1.2.2. Objectives

The main objectives of this report are as follows:

1. Research and learn about the phishing attack and its techniques.
2. Research cases related to phishing that have occurred in real-world scenarios.
3. Research and learn about ways of mitigating phishing attacks.
4. Demonstrate the phishing attack in a virtual environment.

2. BACKGROUND AND LITERATURE REVIEW


2.1. INDEPTH

History
The sole Internet option in the early to mid-1990s was to pay for 'dial-up' access. A thirty-
day free trial of Internet connection through an AOL floppy disk was available for people
who were hesitant to pay for Internet access. Instead of facing life without the Internet
when the trial period expired, several users altered their screen identities to make it
appear as though they were AOL administrators. To continue accessing the Internet for
free, they would "phish" for log-in credentials using these phony screen identities. On May
4, 2000, the globe was struck by the Love Bug, marking a shift in strategy. Beginning in the
Philippines, mailboxes all across the world were flooded with the message "ILOVEYOU."
"Kindly verify the enclosed LOVELETTER coming from me," the message simply stated.
Although phishing distribution techniques have developed over the last two decades to
avoid detection by spam filters and other technologies, phishers' strategies have stayed
rather similar. (2022 Cofense, 2022) (Gillin, 2022) (2022 DuoCircle LLC., 2022)
(KnowBe4, Inc, 2022)

Causes of Phishing
The loss of vital accounts, such as online banking, online shopping, online investing, and
online payment of various bills, is among the harms caused. Phishing has become
more widespread as the number of people who are unaware of it grows.

Wannabe hackers may now compete with sophisticated criminal organizations thanks
to the availability of phishing kits and the advent of ransomware-as-a-service (RaaS).
(Samarati, 2017) (Grimes, 2015)

2.2. LITERATURE REVIEW

1. Case 1
Google.com, one of the world's most well-known and popular websites, was recently the
target of a phishing attack in which Google users were given seven days to update their
personal information, failing which their accounts would be permanently deleted.
Users were baffled, and the situation was later dismissed by the respected site's
representative, who stated that it was a phishing attempt to obtain personal information,
commonly known as spoofing or password phishing.

More details are in 6.2.1. Case 1

2. Case 2

On November 8th, 2014, Home Depot, a home improvement retailer, said that hackers
had compromised 53 million e-mail addresses, exposing 56 million credit card numbers.
The hackers were able to gain access to the company's systems by using a third-party
vendor's account and password. Custom-built software then harvested customer data from
the firm's self-checkout terminals, mostly in the United States and Canada, at a cost
of $62 million, of which $27 million will be covered by insurance. According to sources,
the hackers' malicious software was designed to avoid detection by anti-virus software.
(Ushnamary Sharma, 2015)

More details are in 6.2.2. Case 2

2.3. TOOLS AND TECHNOLOGIES

1. Kali Linux
Offensive Security maintains Kali Linux, which is a Debian-based Linux distribution. Mati
Aharoni and Devon Kearns came up with the idea. Kali Linux is a specifically built
operating system for network analysts, penetration testers, and those that work in the
field of cybersecurity and analysis. Kali Linux's official website is Kali.org. It became well-
known after appearing in the Mr. Robot television series. It is not intended for public
usage; rather, it is intended for experts or individuals who are familiar with Linux/Kali.
(tutorialspoint, 2022) (geeksforgeeks, 2022)

2. VMWARE
VMware, Inc. is a well-known software business that specializes in system virtualization
and cloud computing. On a single computer or server, VMware's software allows users to
build several virtual environments, or virtual computer systems. In essence, one computer
or server might be used to host or administer a large number of virtual computer systems,
up to a hundred or more. Hardware components such as the video card, network
adapters, and hard drive are virtualized by the software. (Hope, 2017)

3. ATTACK DEMONSTRATION
3.1. DEMONSTRATION

Figure 4 Cloning zphisher tool

Figure 5 Using Instagram as phishing website

Figure 6 Using Traditional Login Page

Figure 7 Using Ngrok.io

Figure 8 Link was developed

Opening the Link

Figure 9 Instagram Login Page is initialized

Figure 10 Using Credentials to Login

Result in Kali

[-] Login info Found !!

[-] Account : [email protected]

[-] Password : 1234xyzs

Using Social Engineering tool kit

Figure 11 Using SE Toolkit to make Phishing Mail

Figure 12 Gmail was Sent to the victim

3.2. RECOMMENDATION
To prevent phishing attacks, these are some mitigations or recommendations:

1. Do not react to e-mails or texts stating you have won a huge quantity of money
from a credible website and requesting your bank account and other personal
details.
2. Maintain the confidentiality of your personal information. Things like bank account
numbers, phone numbers, addresses, passwords, and so on.
3. Do not be deceived by e-mails from unknown senders requesting personal
information and demanding that you fill it out within a specified time frame.

4. CONCLUSION
4.1. CONCLUSION

In conclusion to this phishing research, we learned some fascinating statistics regarding
how far an attacker would go to satisfy his desired goals. We've also seen massive
financial losses over the world, resulting in society's productivity and progress falling
short. However, the most painful loss is that of regular individuals who fall victim to
phishing, as their personal information is used against them for fraudulent reasons without
their awareness, or their bank accounts are robbed without their knowledge. Despite this,
organizations are now taking the initiative to spread an awareness statement about being
more cautious and precise about fake information (such as winning a lottery with an
undeniable prize, booking hotels at a low rate, travel agencies offering lower costs, and
so on.) that protects users from being phished.

4.2. Legal, Ethical, and Social Issues

1. Legal Issues

All of the software used in the project's development was either given by London
Metropolitan University as a student version, a trial version, or came pre-installed in the
Windows operating system. No pirated or cracked software was used in this project. All
of the laws stated in the Electronic Transaction Act of 2063 are followed in this project.
Because all development, testing, and installation work is done in line with all applicable
laws in the nation, the system is free of legal difficulties. The 80 provisions of the
Electronic Transactions Act have all been extensively researched and analyzed. There
were no harmful programs or viruses put into the system code, and user privacy and
security were taken into account. There has been no usage of any London Met-prohibited
websites.

2. Social Issues

The system's potential for causing societal problems has been eliminated. There is no
religious or political substance in the system or report, and it has no detrimental influence
on a person's self-esteem or self-respect. This study is written for people of all ethnic
backgrounds and ages who wish to understand more about the phishing assault and its
consequences. This study outlines techniques for consumers to protect themselves from
phishing attacks.

3. Ethical Issues
Because the entire paper has been cited, there are no questions. Plagiarism and citation
were properly addressed. This project conforms completely with London Metropolitan
University's rules and regulations, and all work produced has complied with the client's or
the numerous publishers' and researchers' Intellectual Property. In this project, we have
dealt with ethical issues in every manner possible.

5. REFERENCES AND BIBLIOGRAPHY

References
2022 Cofense, 2022. New Messages!. [Online] Available at: https://cofense.com/knowledge-center/history-of-phishing/ [Accessed 6 May 2022].
2022 DuoCircle LLC., 2022. History of Phishing. [Online] Available at: https://www.phishprotection.com/resources/history-of-phishing/ [Accessed 5 May 2022].
Anon., 2022. Phishing | What Is Phishing? [Online] Available at: https://www.phishing.org/what-is-phishing [Accessed 7 May 2022].
Bowcut, S., 2022. Phishing | What Is Phishing? [Online] Available at: https://cybersecurityguide.org/resources/phishing/ [Accessed 7 May 2022].
CRYEN, n.d. Home Depot Breach Results in First Phishing Scam - Cyren. [Online] Available at: https://www.cyren.com/blog/articles/home-depot-breach-results-in-first-phishing-scam [Accessed 9 May 2022].
geeksforgeeks, 2022. Introduction to Kali Linux - GeeksforGeeks. [Online] Available at: https://www.geeksforgeeks.org/introduction-to-kali-linux/ [Accessed 7 May 2022].
Gillin, P., 2022. The History of Phishing Attacks | Verizon Business. [Online] Available at: https://www.verizon.com/business/resources/articles/s/the-history-of-phishing/ [Accessed 7 May 2022].
Grimes, R. A., 2015. 10 reasons why phishing attacks are nastier than ever | CSO Online. [Online] Available at: https://www.csoonline.com/article/3003082/10-reasons-why-phishing-attacks-are-nastier-than-ever.html [Accessed 7 May 2022].
Hope, C., 2017. What is VMware? [Online] Available at: https://www.computerhope.com/jargon/v/vmware.htm [Accessed 7 May 2022].
Johnson, J., 2021. Phishing - statistics & facts | Statista. [Online] Available at: https://www.statista.com/topics/8385/phishing/#topicHeader__wrapper [Accessed 8 May 2022].
Khanfar, M., 2017. The Google Docs Phishing Scam and Why It's So Dangerous - Curotec. [Online] Available at: https://www.curotec.com/insights/google-docs-phishing-attack-2017/ [Accessed 8 May 2022].
KnowBe4, Inc, 2022. Phishing | History of Phishing. [Online] Available at: https://www.phishing.org/history-of-phishing [Accessed 7 May 2022].
Malwarebytes, n.d. What is Phishing? | How to Protect Against Phishing Attacks | Malwarebytes. [Online] Available at: https://www.What is Phishing_ _ How to Protect Against Phishing Attacks _ Malwarebytescom/phishing [Accessed 7 May 2022].
Pitchkites, M., 2022. 26 Cyber Security Statistics, Facts & Trends in 2022. [Online] Available at: https://www.cloudwards.net/cyber-security-statistics/ [Accessed 8 May 2022].
Richter, F., 2021. Chart: Phishing the Most Common Cause of Ransom Attacks | Statista. [Online] Available at: https://www.statista.com/chart/25247/most-common-causes-of-ransomware-attacks/ [Accessed 8 May 2022].
Samarati, M., 2017. 6 reasons why phishing is so popular and successful - IT Governance Blog En. [Online] Available at: https://www.itgovernance.eu/blog/en/6-reasons-why-phishing-is-so-popular-and-successful [Accessed 7 May 2022].
Stephanie, 2020. A Look Back at the Home Depot Data Breach | BestCompany.com. [Online] Available at: https://bestcompany.com/identity-theft/blog/a-look-back-at-the-home-depot-data-breach [Accessed 8 May 2022].
Ushnamary Sharma, M. G., 2015. Phishing-An Analysis on the Types, Causes, Preventive Measures and Case Studies in the Current Situation. National Conference on Advances in Engineering, Technology & Management (AETM'15), IOSR Journal of Computer Engineering (IOSR-JCE) (2278-8727), pp. 01-08.

6. APPENDIX

6.1. Subject Matter

The term phishing has many definitions, including brand spoofing, carding, pharming,
fraud attack, and semantic attack, but it all boils down to the same thing: the phisher's
goal is to trick the victims into giving away their passwords, account numbers, or any
other personal information that will be useful to the phisher. According to the authors of
Phinding Phish, phishing is a semantic attack in which victims are duped into providing
personal information to an unauthorized website. A solution has been devised in the form
of toolbars that provide specific findings as to whether or not the site is real. Cloudmark,
Anti-Fraud Toolbar, Earthlink Toolbar, eBay Toolbar, and GeoTrust TrustWatch Toolbar
are just a few examples of the many anti-phishing toolbars available. Phishing has even
turned into a business, with phishers making millions of dollars by stealing from victims.
There are several organizations involved in this heinous fraud, with the majority of them
based in Eastern Europe, Asia, Africa, and the Middle East. (Anon., 2022)

More details are in 1.1. SUBJECT MATTER

6.2. Literature review


6.2.1. Case 1
The hackers created a third-party application and requested permission to access account
information, but they fooled users by giving it a legitimate-sounding name: the application
was called Google Docs, so the permissions request appeared to come from Google. There
were several signs that it was fake. The first was the email address used to send the
request. The email came from hhhhhhhhhhhhhhhh@mailinator[.]com, despite the fact that the
application was accessing the hijacked account's contact list. The second requires a more
observant user to notice. The developer information may be found in the title of the app
permissions page. It was evident from that information that the permissions would take the
user away from Google's domain to googledocs.docscloud.info. Finally, if you have the
Google Docs app loaded on your phone, you have surely noticed that you get an alert any
time someone requests to edit or comment on a document to which you have access. There
was no comparable notice through the authentic Google Docs when the phishing email
arrived.

(Khanfar, 2017) (Ushnamary Sharma, 2015)

More details are in Case 1

6.2.2. Case 2

Customers are reminded about the Home Depot hack in the email, which also advises
them to monitor their online accounts for suspicious behavior on a regular basis. Of
course, the offered login URL redirects them to a phishing site. The "From" email address,
[email protected] (a valid American Express email address), is also
faked, leading the recipient to believe the email is authentic. (CRYEN, n.d.)

According to an in-depth case study, the hackers were able to obtain the credentials of a
third-party provider and use them to get access to the system. The hackers were
subsequently able to pivot right into the Home Depot corporate network by exploiting a
zero-day vulnerability in Windows. The hackers were able to deploy a unique memory
scraping virus once inside the network. Memory scraping malware may scan POS
systems and gather all sensitive information entered. When you swipe your credit card,
for example, the virus collects all of your card information, which is then retrieved by the
hackers. This malware was placed on over 7,500 self-checkout POS machines and went
undiscovered for months, despite antivirus protection. The credit and debit card
information collected was sold, and the emails collected were utilized in phishing
attempts. (Stephanie, 2020)

More details are in Case 2
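The warning signs listed in the recommendations (3.2) and in the Case 1 and Case 2 appendices can be checked mechanically on the receiving side. The following is an added example written for this report, not the author's code: it parses a raw e-mail and flags a throwaway sender asking for account access, links that lead outside the claimed brand's domain, and a From: address that the mail server's Authentication-Results header marked as failing SPF/DKIM/DMARC. The brand-to-domain map, the throwaway-provider list and the three sample messages are constructed assumptions.

```python
"""Flag the phishing indicators described in the Case 1 and Case 2 appendices.

Added example (not part of the report). Sample messages are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains each brand legitimately sends from and links to.
BRAND_DOMAINS = {
    "google": {"google.com"},
    "american express": {"americanexpress.com", "aexp.com"},
    "home depot": {"homedepot.com"},
}
# Disposable mail providers; mailinator is the one named in Case 1.
THROWAWAY_PROVIDERS = {"mailinator.com", "guerrillamail.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")
AUTH_FAIL = ("spf=fail", "spf=softfail", "dkim=fail", "dmarc=fail")


def registrable(host):
    """Crude eTLD+1 (last two labels); adequate for the domains used here."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def body_text(msg):
    """Concatenate the decoded text of every leaf part of the message."""
    parts = [p for p in msg.walk() if not p.is_multipart()]
    return "\n".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in parts)


def claimed_brands(msg, text):
    """Brands named in the From display name, the Subject or the body."""
    haystack = " ".join([msg.get("From", ""), msg.get("Subject", ""), text]).lower()
    return {brand for brand in BRAND_DOMAINS if brand in haystack}


def auth_failed(msg):
    """True if the receiving MTA recorded an SPF/DKIM/DMARC failure."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return any(token in results for token in AUTH_FAIL)


def phishing_indicators(raw_message):
    """Return human-readable findings; an empty list means nothing suspicious."""
    msg = message_from_string(raw_message)
    text = body_text(msg)
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = registrable(addr.rsplit("@", 1)[1]) if "@" in addr else ""
    brands = claimed_brands(msg, text)
    legit = {registrable(d) for b in brands for d in BRAND_DOMAINS[b]}
    findings = []
    if sender_domain in THROWAWAY_PROVIDERS:
        findings.append(f"sender uses throwaway provider {sender_domain}")
    if brands and sender_domain not in legit:
        findings.append(f"claims {', '.join(sorted(brands))} but From: domain is {sender_domain}")
    if auth_failed(msg):
        findings.append(f"From: domain {sender_domain} failed SPF/DKIM/DMARC (spoofed)")
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if brands and registrable(host) not in legit:
            findings.append(f"link to {host} is outside {', '.join(sorted(legit))}")
    return findings


# Constructed samples modelled on the two cases (not real captures).
CASE1_CONSENT_REQUEST = """\
From: "Google Docs" <hhhhhhhhhhhhhhhh@mailinator.com>
To: victim@example.org
Subject: A document has been shared with you on Google Docs
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailinator.com

Someone has invited you to view a document. Open in Docs:
https://googledocs.docscloud.info/consent?app=Google+Docs
"""

CASE2_BREACH_REMINDER = """\
From: "American Express" <alerts@americanexpress.com>
To: victim@example.org
Subject: Home Depot breach: check your account for suspicious activity
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=americanexpress.com; dmarc=fail

Following the Home Depot data breach, please log in and review your recent activity:
https://account-verify.example.net/amex/login
"""

LEGITIMATE_NOTICE = """\
From: "Google" <no-reply@accounts.google.com>
To: victim@example.org
Subject: Security alert for your Google Account
Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass

A new sign-in was detected. Review it at https://myaccount.google.com/notifications
"""

if __name__ == "__main__":
    for name, raw in (("case 1", CASE1_CONSENT_REQUEST), ("case 2", CASE2_BREACH_REMINDER),
                      ("legitimate", LEGITIMATE_NOTICE)):
        print(name, phishing_indicators(raw) or ["no indicators"])
```

Note that the Case 1 sample passes SPF (mailinator really did send it), which is why the brand and link checks matter and an authentication pass alone is not a clean bill of health.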
