Phishing | Tryhackme Walkthrough
Learn what phishing is and why it’s important to a red team engagement. You will set up phishing infrastructure, write a convincing phishing email and try to trick your target into opening your email in a real-world simulation.
Brief
This room will take you through what phishing is, how it’s performed, some valuable tools and why it’s an essential part of a Red Team engagement.
Now it’s time to move to the next task and receive your Intro to Phishing!
Intro To Phishing Attacks
Before you learn what phishing is, you’ll need to understand the term social engineering. Social engineering is the psychological manipulation of people into performing or divulging information by exploiting weaknesses in human nature. These “weaknesses” can be curiosity, jealously, greed and even kindness and the willingness to help someone. Phishing is a source of social engineering delivered through email to trick someone into either revealing personal information, credentials or even executing malicious code on their computer.
These emails will usually appear to come from a trusted source, whether that’s a person or a business. They include content that tries to tempt or trick people into downloading software, opening attachments, or following links to a bogus website.
A term you’ll come across and the type of phishing campaign a red team would participate in is spear-phishing, as with throwing a physical spear; you’d have a…