Phishing for a solution OSINT Research
When I got the idea to start this blog, I thought to myself “oh great another website”, but this one feels different. I’ve got several blogs, all tech related, but I needed somewhere I could document my research in a way that feels “real”. No more SEO tag monitoring, word counting, and perfectionism. Here, I will post my thoughts, feelings and findings without worrying if it will pop up your search or not. If you make it here or not, that’s that.
How did I get here?
You see, we have a problem with bad actors here on the web. I’m an avid player of MMORPGs, and one that is notorious for bad apples is Runescape. I’ve just earned a few security and penetration testing related certificates, and it made me think about all of the phishing scams we see in this game. So I got bored one day, and started to investigate one. Found a phishing website being advertised in game, went to the website, entered some fake details, and before I knew it, 100+ people lost internet access for 10 minutes. You see, I was on a hotel internet connection, and the website grabbed my IP, fed it to a DDOS service and fired away. The amount of sophistication that goes into the modern day phishing site blew me away. We have automatic DDOS attacks, bots liquidating and trading gold, and even MFA attacks. There’s a single type of phishing scam I’ve learned to track, and it has led to the birth of both this blog, and the accompanying forum. I didn’t want to isolate myself to Runescape phishing scams, so here we are, and if you’re reading this, welcome to the rabbit hole.
Taking the Bait
We all know phishing websites and scams are out there. We look them over, scoff (if we’re smart) and sometimes even report them. But what if we started taking the bait? What if we start digging in deep, uncovering the secret details and mechanisms of the scams? Here, we will be doing just that. I will be investigating the scams, conducting OSINT, and logging them into a database. By bringing all of this information to light, I hope to deter future activity, and help users become more aware of the underground world of the internet that lurks in the spam folders of our email. If I’m lucky, I’ll take the bait and get away home free.