Overview
As a part of an organization's security policy, the organization should have an organized training and awareness plan. Part of that plan should be periodic phishing simulations. Phishing is a cyberattack in which an attacker poses as a trustworthy person to deceive individuals and trick them into providing sensitive information. A phishing simulation should resemble a real-life phishing attempt while prioritizing the security and well-being of an organization's employees.
In this lab, you will learn to:
- Plan a phishing simulation for an organization.
- Set up the environment to support a phishing simulation.
- Craft a phishing message.
- Deliver and execute the phishing message.
- Follow up and educate users who fell for the phishing attempt.
Key terms and descriptions
Phishing
Phishing is a form of cyberattack in which an attacker poses as a trustworthy entity or organization to deceive individuals and trick them into providing sensitive information, such as passwords, credit card details, or personal data.
Types of Phishing Attacks
Email, spear phishing, whaling, smishing, and vishing
Phishing Simulation
A phishing simulation for an organization should closely resemble a real-life phishing attempt while prioritizing the security and well-being of the organization's employees.