Phishing Email Campaign: Mimicking and Spoofing – Another Social Engineering Technique

May 15, 2018
Phishing Email Campaign: Mimicking, Spoofing, Social Engineering

Phishing attacks are the most common to affect an individual or organisation. Phishing email campaigns are easy to execute and can use a combination of different techniques in order to get someone to provide their credentials via a fake login page. These social engineering attacks won’t stop, because in this age of information it is very easy to fall for such deception/fraud.

Lately the European Union is almost nearing its date on implementing the General Data Protection Regulations (GDPR) which will effect how data will be handled within all organisations. Therefore prompting these affected companies into blasting customers with email announcements regarding changes in their privacy policies and terms of service.

Recently phishing authors targeted Airbnb as the company announced to its users the changes in their policies which will take effect on 25th of May this year.

What the phishing authors did was to craft emails that are similar to a legitimate Airbnb email blast and then send their own version of email blast to EU based email addresses that are possibly signed up on Airbnb. The source of the potential victims email address could have come from a leaked database exposed online in the dark web.

Ironically, the new data protection regulations that were intended to protect data are being used by cyber criminals to defraud people.


Phishing activities are becoming more difficult to identify, because the people behind it are learning new ways to improve their techniques such as combining it with social engineering in order to trick more people.


They are getting more sophisticated on par with how technology and anti-phishing methods. Therefore the phishing intelligence must also keep up and find ways to improve awareness of the common users and techniques to track down and eliminate sources.

Here are tips to avoid getting caught in the net of a phishing attempt:

  • Whenever reading emails or any online material, as much as possible do not click on an in-built link.
  • Always open websites using your browser by typing in the official website URL.

It is highly likely that other companies will be targeted in the same manner as Airbnb.


About the author

Leave a Reply