
Summary


Cyber threats continue to evolve, and phishing remains one of the most effective social engineering tactics used by attackers. To better understand and mitigate this threat, I conducted a phishing attack simulation designed to assess user awareness and response to deceptive emails. I invited 10 participants, including family and friends, to take part in this simulation, aiming to strengthen their knowledge of phishing attacks. By exposing them to realistic phishing scenarios, I sought to enhance their ability to recognize and respond to potential threats, ultimately improving their overall cybersecurity awareness.

Objective


The goal of this project was to simulate realistic phishing attacks to evaluate security awareness and provide educational insights on how to recognize and avoid phishing attempts.

Process


Deploy Gophish

Used Railway to deploy Gophish

Domain Name

Purchased a domain name through IONOS

Sending Profile (SMTP Server)

  • Set up MailHog (test)
  • Set up Google SMTP (deploy)

Email Templates

I created email templates by utilizing the raw original text from emails I personally received. Additionally, I used ChatGPT to generate simple email templates in HTML, allowing for consistent formatting and improved efficiency in my communications.

Landing Pages

I created landing pages by importing existing website sign-in pages. Additionally, I used ChatGPT to generate similar login pages in HTML, allowing me to replicate and customize the design and functionality.

Users & Groups

I contacted 10 individuals and obtained their full permission to participate in my phishing attack simulation. I collected their email addresses to include them in the campaign and used this information to send simulated phishing emails as part of the exercise.

Deploy Campaign 

I selected the appropriate email templates for the campaign, identified the desired target group, and scheduled the launch date. To increase the likelihood of email delivery and avoid triggering spam filters, I strategically staggered the email distribution over several days, ensuring the messages reached the intended recipients effectively.

Results 


 



Lessons Learned