create_a_smishing_campaign
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
create_a_smishing_campaign [2017/04/05 10:52] – lucy | create_a_smishing_campaign [2019/08/12 10:15] – [Known Issues] lucy | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Background Info ====== | ====== Background Info ====== | ||
- | Smishing (short for SMS Phishing) is a variant of phishing email scams that uses Short Message Service (SMS) systems to send out bogus text messages. Also written as SMiShing, SMS phishing made recent headlines when a vulnerability in the IPhone's SMS text messaging system was discovered that made smishing on the mobile device possible. | + | Smishing (short for SMS Phishing) is a variant of phishing email scams that uses Short Message Service (SMS) systems to send out bogus text messages. Also written as SMiShing, SMS phishing made recent headlines when a vulnerability in the iPhone's SMS text messaging system was discovered that made smishing on the mobile device possible. |
Smishing scams frequently seek to direct the text message recipient to visit a website or call a phone number. At which point, the person being scammed is enticed to provide sensitive information such as credit card details or passwords. Smishing websites are also known to attempt to infect the person' | Smishing scams frequently seek to direct the text message recipient to visit a website or call a phone number. At which point, the person being scammed is enticed to provide sensitive information such as credit card details or passwords. Smishing websites are also known to attempt to infect the person' | ||
SMS phishing uses cell phone text messages to deliver the bait, persuading people to divulge their personal information. The " | SMS phishing uses cell phone text messages to deliver the bait, persuading people to divulge their personal information. The " | ||
+ | |||
+ | ====== How is LUCY sending SMS? ====== | ||
+ | |||
+ | LUCY has a build in API which will connect to a centralized LUCY gateway when initializing SMS delivery. The gateway will first verify, if the LUCY client has sufficient credits and is allowed to send SMS. If all checks pass our gateway will connect to an international provider using a second API. This provider is able to send the messages with the settings defined in LUCY. | ||
Line 13: | Line 17: | ||
a) commercial license and | a) commercial license and | ||
- | |||
b) sufficient balance | b) sufficient balance | ||
- | **Questions** | + | ====== Q&As ====== |
* Where can I see my current assets available for this feature? | * Where can I see my current assets available for this feature? | ||
Line 23: | Line 26: | ||
You can find your current credit under settings/ | You can find your current credit under settings/ | ||
- | {{ lic.png?600 }} | + | {{:smishin_1.png?600|}} |
* How do I add credits? | * How do I add credits? | ||
- | In LUCY < 2.9: You can simply send us a mail with the required balance. We will then update your balance. Payment can be done via credit card. | ||
- | In LUCY > 2.9: You have a button next to the balance which enables you to buy more credits directly within the LUCY GUI. | + | You have a button next to the balance which enables you to buy more credits directly within the LUCY GUI. |
* How many credits do I need? | * How many credits do I need? | ||
- | One sms usally | + | One sms usually |
- | * How do I get a commercial | + | * How do I get a commercial |
After deciding which [[lucy_pricing|pricing model]] you need you can [[how_to_purchase_lucy|purchase]] and [[how_to_activate_lucy|activate]] lucy in order for this feature to work. | After deciding which [[lucy_pricing|pricing model]] you need you can [[how_to_purchase_lucy|purchase]] and [[how_to_activate_lucy|activate]] lucy in order for this feature to work. | ||
+ | |||
====== Setup ====== | ====== Setup ====== | ||
- | A Smishing Campaign is not different from a regular phishing campaign. Most templates can be used in the same way. The difference is only the delivery method: within the scenario (Base Settings --> Scenario Settings --> Message Settings) you can use as a delivery method either " | + | A Smishing Campaign is not different from a [[create_your_first_phishing_campaign|regular phishing campaign]]. Most templates can be used in the same way. The difference is only the delivery method: within the scenario (Base Settings --> Scenario Settings --> Message Settings) you can use as a delivery method either " |
- | {{ smishing_n.png?600 }} | + | {{: |
If the phone number is saved in the recipient' | If the phone number is saved in the recipient' | ||
Line 50: | Line 53: | ||
Next, you will need to enter the phone number in your recipient' | Next, you will need to enter the phone number in your recipient' | ||
- | {{ smishing3.png?600 }} | + | {{:smishin_2.png?600|}} |
====== Automated URL Shortening ====== | ====== Automated URL Shortening ====== | ||
When you place the %link% variable within the message body and your scenario uses a public domain name, it will automatically be shortened. The link will look like " | When you place the %link% variable within the message body and your scenario uses a public domain name, it will automatically be shortened. The link will look like " | ||
+ | |||
====== Known Issues ====== | ====== Known Issues ====== | ||
- | | + | |
- | * Issues with specific countries: in certain countries SMS spoofing will not work at all or SMS might only arrive if the sender is using a different country code. Example: in Belgium the SMS sender will get replaced by a general number like "8850" | + | * Issues with specific countries: in certain countries, SMS spoofing will not work at all or SMS might only arrive if the sender is using a different country code. For example: in **Belgium**, |
+ | * **Issues with Delivery (sender): | ||
+ | * **Issues when spoofing | ||
+ | | ||
+ | * **Issues with delivery (recipient number)**: sometimes the message is not delivered, because the phone number under the recipient is saved with the wrong format. Make sure recipients phone number always has the country code included. | ||
+ | * **Issues with specific countries**: in certain countries SMS spoofing will not work at all or SMS might only arrive if the sender is using a different country code. Example: in Belgium the SMS sender will get replaced by a general number like “8850” when using a different country code. | ||
+ | * **Delivery issues (content)**: | ||
+ | |||
+ | For further info please check out the support section at: http:// | ||
+ | |||
create_a_smishing_campaign.txt · Last modified: 2021/05/05 11:25 by lucy