For most of us, we can spot a phishing or scam email from a mile away, right? Well, sometimes it’s not so easy. The sender is legitimate looking, the request and scenario in the email is reasonable, and the branding is the same as companies we deal with. The only catch is that none of that was true. In this talk, I will be discussing how to build effective phishing pretexts and landing pages that are almost guaranteed to get user engagement and credentials.

Learning Objectives:

• At the end of this session, security professionals should be able to perform a tailored phishing campaign against targets with higher degrees of success.
• Red teamers can expect to learn a methodology containing reconnaissance, target selection, email pretext ideas, and how to build infrastructure to support the pretext.
• Blue teamers can use this methodology to identify exposures leading to successful phishing pretexts as well as learn how to take canned phishing campaigns and expand them into greater learning opportunities for end users.