How to launch a Nation Wide Phishing Campaign | Learnings from Ad based Phishing Campaigns

Phishing is classically done using Emails/calls. However as digital products and innovation, cyber criminals have evolved with the same. Lets explore how to launch a Nation Wide phishing attempt..

1. Reconnassiance

Information gathering about the targets makes attack more accurate. Go to Google Trends and find out what people are interested in the most.

Google Trends

1. More online transactions == Refund Issues

Indians need credit… And that too hassle free

Trending Loan App Search

2. Attack

Launching an advertisement with “Refund” keyword would be highly successful in terms of people clicking it. And here are results:

Scam Advertisements on “Refund”

Loan App Advertisement — Overseas

3. Covering the Traces — Layering

3.1 Bank Accounts & SIM Cards: Use rented bank accounts and fake/preactivated SIM cards obtained through various channels. Example Telegram

3.2 IP Address : Use VPN/Proxy/IP address from Remote Location belonging to fake SIM cards

3.3 Payments : Use stolen credit/debit cards.

In order to pay for Advertisements or domain/website, use the fraud money.

3.4 Cash Out: After obtaining the fraud money, there are various ways of using them

• ATM withdrawal from remote/off-net ATM
• Coupon purchase followed by orders— Croma & Amazon
• Withdrawal via Cheque from Bank’s Branch in Mask.
• Credit Card Bill Payment of Random Person in exchange of Cash for a discount
• Electricity bill payment
• Crypto purchase via P2P
• Load it in Online Games
• POS Transactions

Simple Techniques, Safe Execution, Get Rich !

**********