It is reasonable to suspect that the success of email phishing correlates closely with the quality and familiarity of the email the intended victim receives. The more convincing the email, the more trust the recipient will place in a link or attachment within that email before clicking on it.
So I thought I would play the evil attacker and post some examples of emails that a corporate end user might receive from a security product that they know and trust. What better software than a product designed to thwart spam and spear phishing? The following is a notification a user of Postini Anti-Spam services would receive (with some href attribute changes, of course):
YourATarget Inc's junk mail protection service has detected suspicious email message(s) since your last visit and directed them to your Message Center.
You can inspect your suspicious email at:
https://login.postini.com/exec/login?email=user@youratarget.com
Suspicious email is kept for 14 days, after which it will be automatically deleted. Please visit your Message Center to delete unwanted messages and check for valid email.
For help accessing and configuring your Message Center:
http://www.postini.com/services/help.html
Thank You!
YourATarget Inc
Staying with that theme, Postini also provides an email encryption portal that will encrypt an email and send the recipient a notice.
You have a Postini Secure Email message from user@youratarget.com.
To view the secure message, click here.
Do not reply to this notification message. This notification message was auto-generated by the sender's security system. To reply to the sender, please go to your secure message by clicking on the link above.
While there is some irony in using notifications from security products to phish, and even more in the fact that I was able to send my spoofed emails through Postini's anti-spam filters unscathed, you could certainly leverage the familiarity of any enterprise application for offense. Some other possibilities include email notifications sourced from a helpdesk system, collaboration software (e.g. SharePoint), or from email servers warning about size quotas. You can certainly apply these ideas to other attacks too. For example, consider the following default Web Filter warning that could be leveraged during a Man-in-the-Middle attack.
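Both lures above keep the vendor's genuine wording and change only where the link goes; the first even displays the real login URL as the link text. A mail-gateway or incident-response check for exactly that pattern, written here as an added example that is not part of the original post, extracts every anchor from the HTML body and flags any whose visible URL text names a different host than its href, or whose href host falls outside an allow-list of the vendor's real notification hosts. The sample bodies, the allow-list and the `.example` hosts are constructed for this demonstration.

```python
"""Flag notification emails whose link target does not match what they show.

Added example, not code from the original post. The spoofed Postini-style notices
keep the real wording and even display the real login URL as link text; only the
href is changed. Checking anchors for that mismatch catches the lure without
having to recognise the wording itself.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lowercase host of a URL; bare 'www.x' text is treated as http://www.x."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def looks_like_url(text):
    """True when the visible link text is itself written as a URL."""
    return text.lower().startswith(("http://", "https://", "www."))


def find_mismatched_links(html_body, trusted_hosts):
    """Return one finding string per suspicious anchor in html_body.

    A finding is raised when the visible text is itself a URL whose host differs
    from the href host, or when the href host is not in trusted_hosts (the
    allow-list a site keeps for its vendor's genuine notification hosts).
    """
    collector = AnchorCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.anchors:
        href_host = host_of(href)
        text_host = host_of(text) if looks_like_url(text) else ""
        if text_host and text_host != href_host:
            findings.append(f"link text shows {text_host} but points to {href_host}")
        elif href_host not in trusted_hosts:
            findings.append(f"link to untrusted host {href_host!r} (text: {text!r})")
    return findings


# Constructed samples: the .example hosts stand in for attacker-controlled domains,
# and the allow-list is an assumed site-specific configuration.
TRUSTED_HOSTS = {"login.postini.com", "www.postini.com"}

GENUINE_NOTICE = (
    "<p>You can inspect your suspicious email at: "
    '<a href="https://login.postini.com/exec/login?email=user@youratarget.com">'
    "https://login.postini.com/exec/login?email=user@youratarget.com</a></p>"
    '<p>For help: <a href="http://www.postini.com/services/help.html">'
    "http://www.postini.com/services/help.html</a></p>"
)

# Same text as the genuine notice; only the first href is swapped out.
SPOOFED_NOTICE = GENUINE_NOTICE.replace(
    'href="https://login.postini.com/exec/login?email=user@youratarget.com"',
    'href="http://login-postini.example/exec/login"',
)

# "click here" lure: the text gives no host to compare, so the allow-list decides.
SPOOFED_SECURE_NOTICE = (
    "<p>You have a Postini Secure Email message. To view the secure message, "
    '<a href="http://secure-mail.example/msg">click here</a>.</p>'
)

if __name__ == "__main__":
    for name, body in [("genuine", GENUINE_NOTICE), ("spoofed", SPOOFED_NOTICE),
                       ("spoofed secure", SPOOFED_SECURE_NOTICE)]:
        print(name, find_mismatched_links(body, TRUSTED_HOSTS) or "no findings")
```

The text/href comparison needs no allow-list and catches the first lure on its own; the allow-list is what catches "click here" style links, and it is the part a site has to maintain per vendor.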
Please note I have nothing against Postini or similar products. It just happens to be a product that I am familiar with and is quite popular. I am curious what examples others can come up with. The Social Engineering Toolkit (SET) just released a new version, and it is a great platform for testing the success of phishing attacks. It includes built-in templates, or you can certainly enter your own custom email. Happy phishing!