Post 76 - It's phishing season

02 Dec 2025

Day 2 Phishing Merry Clickmas

Anti-phishing Mnemonics

S.T.O.P. from All Things Secured. Ask the following questions before acting on a message:

• Suspicious?
• Telling me to click something?
• Offering me an amazing deal?
• Pushing me to do something now?

Second S.T.O.P reminders:

• Slow down. Adrenaline leads to mistakes.
• Type the address yourself. Don’t use the message link.
• Open nothing unexpected. Verify first.
• Prove the sender. Check the real From address/number, not just the display name.

Social Engineering Toolkit

Cli tool, launch by typing setoolkit. 99 always gets you back to the main menu while navigating. While typing message use ctrl+c.

The Task

Create a phishing email targeting a specific user and try to harvest their creds from a fake webserver.

Recommended Stuff

Phishing Prevention room.