How Do Scammers Harvest Email Lists for Their Phishing Scams?

By: Eldad Zamler

Spear vs. Large-Scale vs. Medium-Scale Phishing Scams

Spear phishing scams, such as CEO phishing scams, attack specific employees
working for victim companies. The scammers must find the email addresses
of some employees and the email address of their CEO (not too difficult).

Large-scale phishing scams target the general public.
For example, the Google Docs Phishing Scam targeted all Gmail users.
The fraud was viral, so only a small number of Gmail addresses were
needed to launch the attack.

However, in medium-scale phishing scams the attacked population is
large, yet specific (usually all users of a single website or service).

The DMV Phishing Attack

As an example, we are going to examine the DMV phishing attack (on 1 June, 2017).
To be effective, the fraudsters needed to harvest the email addresses of many
potential victims (preferably all New York drivers).

Importance of an Accurate Email List

When the email list is too broad, irrelevant people will receive the phishing email,
and the scam will quickly be exposed and stopped before reaching its full potential.

When the email list is too small, the scam will skip portions of the target population.

Thus we can assume that scammers do their best to harvest the email addresses of
the entire targeted population, but no more.

The first and last name of each victim are needed for composing credible emails.

Possible Harvesting Techniques

I don't know which techniques have been used to harvest the email addresses
of all NY drivers. A few techniques are listed here, but many others exist.
I assume that DMV servers have strong cyber protection. Thus
fooling an employee via phishing may be the preferred choice.