Summary
Cyber threats continue to evolve, and phishing remains one of the most effective social engineering tactics used by attackers. To better understand and mitigate this threat, I conducted a phishing attack simulation designed to assess user awareness and response to deceptive emails. I invited 10 participants, including family and friends, to take part in this simulation, aiming to strengthen their knowledge of phishing attacks. By exposing them to realistic phishing scenarios, I sought to enhance their ability to recognize and respond to potential threats, ultimately improving their overall cybersecurity awareness.
Objective
The goal of this project was to simulate realistic phishing attacks to evaluate security awareness and provide educational insights on how to recognize and avoid phishing attempts.
Process
Deploy Gophish
Used Railway to deploy Gophish
Domain Name
Purchased a domain name through IONOS
Sending Profile (SMTP Server)
- Set up Mailhog (test)
- Set up Google SMTP (deploy)
Email Templates
I created email templates by utilizing the raw original text from emails I personally received. Additionally, I used ChatGPT to generate simple email templates in HTML, allowing for consistent formatting and improved efficiency in my communications.
Landing Pages
I created landing pages by importing existing website sign-in pages. Additionally, I used ChatGPT to generate similar login pages in HTML, allowing me to replicate and customize the design and functionality.
User & Groups
I contacted 10 individuals and obtained their full permission to participate in my phishing attack simulation. I collected their email addresses to include them in the campaign and used this information to send simulated phishing emails as part of the exercise.
Deploy Campaign
I selected the appropriate email templates for the campaign, identified the desired target group, and scheduled the launch date. To increase the likelihood of email delivery and avoid triggering spam filters, I strategically staggered the email distribution over several days, ensuring the messages reached the intended recipients effectively.
Results
Lessons Learned