By: Eldad Zamler
Spear VS Large-Scale VS Medium-Scale Phishing Scams
Spear phishing scams like CEO phishing scams attack specific employees
working for victim companies. The scammers must find the email address
of some employees and the email address of their CEO (not too difficult).
Large-scale phishing scams are targeting the general public.
For example the Google Docs Phishing Scam targeted all Gmail users.
The fraud was viral, thus only a small number of Gmail addresses were
needed to launch the attack.
However, in medium-scale phishing scams the attacked population is
large, yet specific (usually all users of a single website or service).
The DMV Phishing Attack
As an example we are going to examine the DMV phishing attack (on 1 June, 2017).
To be effective the fraudsters needed to harvest email addresses of many
potential victims (preferably all New-York drivers).
Importance of Accurate Email List
When the email list is too broad, irrelevant people will receive the phishing email,
and the scam will quickly be exposed and stopped without fulfilling its full potential.
When the email list is too small, the scam will skip portions of the target population.
Thus we can assume that scammers do their best to harvest the email addresses of
the entire targeted population but not more.
The first and last name of each victim are needed for composing credible emails.
Possible Harvesting Techniques
Note:
I don't know which techniques have been used to harvest the email addresses
of all NY drivers. A few techniques are listed here, but many others exist.
Phishing-DMV:
- Get access to an account of a DMV employee via phishing techniques.
- Use the hijacked account to access and steal the email list of all NY drivers.
Phishing-Others:
- Many organizations store private details about their customers.
According to augusta.edu, in the phishing attack on AU Medical Center and
Augusta University on 20 April 2017, the following personal data about some
of their customers was leaked:
"full name and either one or more of the following: home address, date of birth,
Social Security number, financial account information, driver's license number,
medical record number, insurance information, prescription information,
diagnosis/condition, and/or treatment information."
- Find the emails of all NY drivers among their customers.
Hack-DMV:
- Hack DMV servers.
- Find the email list of all NY drivers in their database.
Hack-Others:
- Hack a popular website that offers services to NY drivers.
- In the Equifax cybersecurity incident (July 29 2017), information about 200,000 U.S.
consumers was stolen. According to Equifax "The information accessed primarily
includes names, Social Security numbers, birth dates, addresses and, in some instances,
driver's license numbers. In addition, credit card numbers for approximately
209,000 U.S. consumers, and certain dispute documents with personal identifying
information for approximately 182,000 U.S. consumers, were accessed."
Facebook-Page:
- Scan DMV Facebook page.
- Retrieve all FB users who wrote reviews or comments, or liked a post.
- Find their email addresses.
Twitter-Page:
- Scan the DMV Tweets & Replies Twitter page.
- Retrieve all mentioned users.
- Find their email addresses.
Fake-Website:
- Build and publish a fake website, offering a free service to NY drivers.
- Harvest the subscribers' email addresses.
Human-Error:
- Fraudsters can take advantage of human mistakes, similar to the following example:
The Israeli Population Authority mistakenly revealed hundreds of e-mail addresses.
The transition to biometric passports created an extreme load on the population registry.
The Authority's solution: to schedule appointments in advance by email.
An employee of one of the bureaus accidentally revealed hundreds of e-mail addresses.
Those who received the email were exposed to the addresses of all the others.
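A mitigation for the mistake described above, as an added example that is not part of the original article: an outbound-mail check that holds a message when its To and Cc headers would expose many external addresses to each other. The domain authority.example, the threshold and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed policy values for this example (not from the article).
INTERNAL_DOMAIN = "authority.example"
MAX_VISIBLE_EXTERNAL = 5


def visible_external_recipients(raw_message, internal_domain=INTERNAL_DOMAIN):
    """Distinct external addresses that every recipient can read (To + Cc)."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    exposed = []
    for _name, addr in getaddresses(headers):
        addr = addr.strip().lower()
        if "@" not in addr:
            continue  # empty or malformed entry
        if addr.rsplit("@", 1)[1] != internal_domain and addr not in exposed:
            exposed.append(addr)
    return exposed


def check_outbound(raw_message, limit=MAX_VISIBLE_EXTERNAL):
    """Hold a message that would reveal too many external addresses to each other."""
    exposed = visible_external_recipients(raw_message)
    if len(exposed) > limit:
        return ("hold", f"{len(exposed)} external addresses visible in To/Cc; use Bcc")
    return ("send", "ok")


# Constructed samples: the same appointment notice, addressed two ways.
CITIZENS = ", ".join(f"citizen{i}@mail{i % 3}.example" for i in range(1, 9))
BODY = "Subject: Your appointment\n\nPlease arrive at 09:00.\n"
LEAKY = f"From: clerk@authority.example\nTo: {CITIZENS}\n{BODY}"
SAFE = (f"From: clerk@authority.example\nTo: appointments@authority.example\n"
        f"Bcc: {CITIZENS}\n{BODY}")

if __name__ == "__main__":
    print(check_outbound(LEAKY))
    print(check_outbound(SAFE))
```

Bcc recipients are not counted because they are not visible to the other recipients; a mail gateway running this check would evaluate the message before the Bcc header is stripped.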
Viral-Scams:
- Some phishing scams are viral. The victims themselves share the malicious
post with their friends. The fraudsters don't have to harvest emails at all.
The highly viral EL-AL 70th Anniversary Facebook Scam is an excellent proof
of concept. It spread like wildfire.
I assume that DMV servers have strong cyber protection. Thus
fooling an employee via phishing may be the preferred choice.