
Office spamming and BEC job

I used to spam 2FA o365 with warmed up SMTPs for initial access for getting logins to network, mostly VPN or if asked dumped all email and gave to contractor.
You think I can do BEC?
 
wiseguy01 said:
> I used to spam 2FA o365 with warmed up SMTPs for initial access for getting logins to network, mostly VPN or if asked dumped all email and gave to contractor.
> You think I can do BEC?
Yes
You just need first to collect as many Office365 accesses as you can
get good bankdrops

and after that you are only looking for invoices being sent in and out
when you have enough emails you are just watching one and another and so
 
How can I modify invoice? Do I MitM between the email accounts or email accounting to instruct to transfer money to drop?
Also how are you guys getting drops? I have very old friend who was into banking and fintech he gave me drop during Kronos banker era with webinjects etc but I still don't know how someone get drop for a large like 6 or 7 digit transfers?
 
It doesn't work like that; MitM will not work. I shared how it works in my post /threads/108380/

To get a bank drop, you should make a fake company whose business is payment processing. Then find unsuspecting people who will be ready to work with you; they will open bank accounts, warm it up with their own cash, register on crypto exchanges, and buy crypto several times from their bank account using their money.

Then you'll have a bank account linked to a crypto exchange. It takes about a month if you have the experience to do that.

If not, you just find someone who has these drops, and they will work for a share of the money you send
 
One tip for the beginners, focus on getting minimal and small leads like instead of targeting 1K email randomly with a bulk letter, just target 20 CFOs or sales managers with spear attacks that are targeted.
Like that you maximize your profit and work less.
 
Question guys, where to get good CEO and CFO leads? Google is shitty source as all emails are already spammed with pharma and my other issue is how can get company names to search for CFO or CEO in like crunchbase?
Found my answer) LinkedIn Premium)
 
springwater1 said:
> yes but some people like to get a large list and filter them to see email providers to continue choosing targets and also filter out dead emails also most people like to just spam in general only a few are spear phishing
filtering valid emails can be done even with open source projects but spamming bulk is bullshit, even when I spam when I need ccs or logins for specific site, I use victim first name in the email) spearing is professionals task)
 
wiseguy01 said:
> Question guys, where to get good CEO and CFO leads? Google is shitty source as all emails are already spammed with pharma and my other issue is how can get company names to search for CFO or CEO in like crunchbase?
> Found my answer) LinkedIn Premium)
start from a good social engineering analysis, small company with international running deal. Check references from social, most of them didn't have MFA and with a bit of luck you can easily find some credential already leaked.
 
iamnopiracy said:
> start from a good social engineering analysis, small company with international running deal. Check references from social, most of them didn't have MFA and with a bit of luck you can easily find some credential already leaked.
I do full analysis of victim, I look up social media, if they have iCloud, leaked DBs for extra info like IPs and extra info and then phish.
I found way to get leads with full data easily)
 