|
|
|
|
|
|
by ActorNightly
788 days ago
|
|
|
BCC is going to look pretty obvious phishing. You are correct that the only way to catch the person is unique information sent to each one - the best way to do this is to register a domain for a website that looks like something close to an official school website. For example, if you are "school.com", you can try something like fileshare-school.com. The backend for the website then automatically sends out unique information based on a fingerprint of a user, including IP address. Ive used AWD Lambda+API Gateway for this cause its free and you get the full http request when you do http passthrough.
Then you send the link through an email to everyone and see if the person takes the bait. Its less precise, but it could get your pool narrower. Bonus points if you fake a login page that looks like the schools one, as it will get you the exact person. |
|
|