Phishing Campaign by Joas

Preparation

Understand your company's or your client's business

Discover your company's organizational structure
Understand your company's main means of communication
- Slack
- WhatsApp
- Emails
- Microsoft Teams
- Zoom Meeting
- Others
Understand how the email structure of internal communication is usually
- Targeted communications
- General Communication

What technologies is used within the company?

Hybrid Environment?
On-premises Environment
Cloud Environment
Full SaaS Environment

Is there a ticket system in the company?

IT Support
Incident Report

Define an awareness process

Tools
- Hacker Rangers
- Knowbe4
- PhishiX
- ThreatCop

Define Phishing tools to be used

Configure Tools
- Knowbe4
- PhishiX
- GoPhishing
- uPhishing
Identify senior management emails
First Campaign
- Create campaigns with general phishing themes
- Send different types of phishing every 50 emails in different departments
Spear-Phishing
- Create a spear-phishing campaign
- Separate emails from senior professionals for targeted campaigns

Execution

Define the emails that will be used in the campaign

Recommendation: Run a gradual campaign

Use different types of templates

Use the random option

Set up a phishing reporting process

Track Phishing Success Rate

Spoof emails from the target organization

Post-Execution

Use the main communication channels to raise awareness

Create interactive posts
- Genially
- Power Points
Create alert posts to help
- Check the news of the main phishing campaigns carried out by attackers
- Close Phishing Notifications, CSIRT and Scam Alerts

Drive awareness training

Those who fell in the campaign
Reported the campaign
And those who didn't click too

Collect feedback from your campaigns

Generate campaign KPIs

To the people who fell for phishing
Who did not interact in phishing
People who reported Phishing
And high-ranking people who have fallen