Phishing
Phishing is a type of scam where attackers try to abuse your trust in order to trick you into giving away personal information, passwords, or even money. These messages often look real and convincing, which is why phishing is so common and effective. In fact, it’s one of the most widespread ways attackers break into accounts or steal data, because it targets people directly rather than trying to hack computers.
It is important for us to be able to identify common strategies used by attackers when creating phishing campaigns. Such tactics include, but aren't limited to:
- Urgency & scare tactics: Subject lines like "Immediate action required" are designed to pressure you.
- Look-alike sender addresses: Fake domains with tiny changes (e.g., rnicrosoft.com instead of microsoft.com).
- Display name impersonation: Sender name looks familiar, but the email address doesn’t match.
- Malicious attachments: Files (DOC/XLS/ZIP) asking you to “enable macros” or containing malware.
- Compromised real accounts: Emails from hacked accounts that look legitimate but have odd requests.
- Too-good-to-be-true offers: Fake prizes, refunds, or job opportunities requiring personal details.
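Three of the indicators above (urgency in the subject, look-alike sender domains, and display name impersonation) can be checked mechanically from the message headers. The following Python sketch is an added example, not part of the original room; the trusted-brand list, the confusable character pairs and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands we expect mail from, mapped to their real domains.
TRUSTED = {"microsoft": "microsoft.com", "paypal": "paypal.com"}
# Assumption: a small set of character sequences used to imitate letters.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]
URGENT = re.compile(r"immediate action|urgent|account suspended", re.I)

def skeleton(domain):
    """Collapse look-alike sequences: 'rnicrosoft.com' -> 'microsoft.com'."""
    d = domain.lower()
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d

def check_email(raw):
    """Return a sorted list of phishing indicators found in the headers."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = set()
    if URGENT.search(msg.get("Subject", "")):
        findings.add("urgency")
    for brand, real in TRUSTED.items():
        if domain == real or domain.endswith("." + real):
            continue  # genuinely sent from the brand's own domain
        if skeleton(domain) == skeleton(real):
            findings.add("lookalike-domain")
        if brand in name.lower():
            findings.add("display-name-mismatch")
    return sorted(findings)

# Constructed sample messages (not real emails).
PHISH = ("From: Microsoft Support <security@rnicrosoft.com>\n"
         "Subject: Immediate action required\n\nVerify your account.")
SPOOFED_NAME = ("From: PayPal Billing <billing@secure-pay.example>\n"
                "Subject: Your receipt\n\nSee attached.")
LEGIT = ("From: Microsoft <no-reply@microsoft.com>\n"
         "Subject: Your monthly invoice\n\nThanks.")

if __name__ == "__main__":
    for label, raw in [("phish", PHISH), ("spoofed", SPOOFED_NAME), ("legit", LEGIT)]:
        print(label, check_email(raw))
```

Header checks like these cannot flag mail sent from a compromised real account, since the sender domain and display name are both genuine; the odd request in the body is the only signal there.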
Now it's your turn to put this into practice. You will be presented with a series of emails and will be required to identify if they are phishing emails or not. At the end of the game, you will find the flag required to answer the question.
Start the VM by clicking the Start Machine button below.
Wait for a minute until the LAB_WEB_URL has been replaced in the following link and click it to access the game:
What is the flag at the end of the game?
