Archive

Archive for the ‘Social Engineering’ Category

Spear Phishing Setup with IceDove/Thunderbird

October 19, 2016 Leave a comment

For spear phishing I’ve recently found quite a few benefits with using IceDove on Kali (similar to Thunderbird, same settings below should apply). If you register a domain name with namecheap.com, you can get free email for two months, WHOISGuard is free, and Premium DNS is an extra $5, a rather inexpensive setup.  Adding a new account is pretty straightforward as well.  However, when you add the account, you have to set up your name as the email address at first.  Once it’s setup, you can go back and change it to display whatever name you want.

icedove_newaccount

Once that’s setup, you can also change how the email address actually appears in your target recipient’s mailbox.  The following will show up as coming from bill.gates@microsoft.com.  If the person chooses to reply (or look closer at the email headers), the reply message will be sent to the Reply To address (and will be displayed in the To address of the reply email):

icedove_replyto

One other beneficial feature is the Send Later Add-on (Tools > Add-ons) that will allow you to queue up emails to be sent at whatever odd hours are required to get your phish in the desired email box at a reasonable time in the target time zone:

icedove_sendlater

Advertisements