Phishing

  • Use OSINT to find brands and places the victim trusts

  • Check businesses near victim's office

  • Look for suppliers, friends, co-workers

  • Use an urgent-sounding subject line

  • Use anchor text to spoof links: Click Here https://onlinebank.thm

Phishing Infrastructure

  • Domain Name

  • TLS Certificate

  • Email Server

  • DNS Records

  • Web Server

  • Analytics (track of the emails that have been sent, opened or clicked)

  • Tools: GoPhish - (Open-Source Phishing Framework) - getgophish.com SET - (Social Engineering Toolkit) - trustedsec.com

PreviousInitial AccessNextExploiting