In our second episode of How Do Hackers Do Things, GraVoc Security Consultant, Josh Jenkins, shows you how hackers harvest email addresses for malicious purposes. During this video, Josh will show you how hackers use a variety of paid and non-paid OSINT (Open-Source INTelligence) methods to collect email addresses from the internet. This is the basis for all phishing, malware, and targeted attacks against your website or network.
Hackers will collect email addresses and use them for phishing campaigns against your company. Watch Josh in the video above as he demonstrates 3 different methods of collecting email addresses:
1.) The first example Josh explores is the website Hunter.io. Hunter is an aggregation tool that’s freely available and allows anyone to search for email addresses based on a URL.This tool allows you to see both company and personal email addresses and the sources that they are associated with.
2.) The second example is Kali Linux and a tool called theHarvester. theHarvester allows for the search of URLs, IPs, or in our case, email addresses.
3.) The third example is using OSINT Framework and Skymem. This tool, like the other 2 tools we discussed, provides the opportunity to search for email addresses with just a URL.
While preventing your email address from being harvested may be difficult, the best defense you can put in place for you and your employees is to guide them on how to spot malicious and spam emails. If your business is looking to provide expert security training to your staff, check out our Risk Management & Compliance Services. We also provide Penetration Testing Services and Social Engineering Testing Services to businesses looking to identify, understand and resolve configuration and security vulnerabilities before they are exploited by real-life attacks.
How Do Hackers Do Things Series
If you enjoyed this video, make sure to check out our other How Do Hackers Do things videos for more great security videos and tips! How Do Hackers Do Things focuses on different methods of hacking that cybercriminals use to exploit their victims. Our goal is bring awareness to the vulnerabilities and hacking methods that surround our everyday lives!
The NSA Cybersecurity Guide for Remote Workers
In this blog post, we cover a few key recommendations for remote workers from the NSA guide, ‘Best Practices for Securing Your Home Network.’
GraVoc Recognized on CRN’s 2023 MSP 500 List
CRN®, a brand of The Channel Company, has named GraVoc to its Managed Service Provider (MSP) 500 list in the Pioneer 250 category for 2023!
The Cybersecurity Implications of ChatGPT
Is ChatGPT a security risk? In this blog post, we explore the cybersecurity implications of ChatGPT, including the benefits and challenges.