Once a target has been selected and information about them collected, phishing can be performed to obtain credentials. Phishing attacks often follow a familiar strategy to trick victims. In this step, we will examine methods that are commonly used by adversaries in an attack such as:

Sites with helpful examples include the r/Scams subreddit https://www.reddit.com/r/Scams/, Cofense's database of phishing examples https://cofense.com/real-phishing-examples-and-threats/, Phishing.org's examples https://www.phishing.org/phishing-examples , and Berkeley's Phish Tank https://security.berkeley.edu/resources/phish-tank . Your own Junk mail folder for your pdx.edu account is also likely filled with examples. Find 3 phishing attacks that you feel are the most well-designed for users to click on. Then, analyze each one looking for the 3 methods above.

There are a number of phishing "tells" that you would teach people to look for to identify the attack. Attributes such as an incorrect sender domain, embedded links that don't match the sender's purported identity, the use of a URL shortener, poor formatting, poor spelling, and poor grammar are all examples of this.

The Department of Defense makes their phishing training awareness course available to the public online. It will walk through common types of phishing attacks and social engineering tactics. To go through this virtual training, visit its site here:

Room #1

Join the following room on TryHackMe: https://tryhackme.com/room/phishingemails1tryoe

The room covers some initial strategies and example lures that adversaries have used. Complete the exercise.

Some notes to make the tasks easier.

Room #2

Join the second Phishing room on TryHackMe: https://tryhackme.com/room/phishingemails2rytmuv

Complete the exercise.