Craig Hays

You are here: Home / Archives for phishing pages

phishing pages

How to Run a Phishing Simulation Test

By Leave a Comment

Reading Time: 12 minutes

Running a successful phishing simulation campaign is difficult. This is how to test your employees to better prepare them for real attacks.

phishing simulation
Fishing Fleet image by Bernard Benedict Hemy

Following on from my last article on how to write phishing emails that work, this article outlines how to run a successful phishing simulation campaign. We do this to measure how employees respond to attacks from criminals, how effective our training is, and where we need to do more to help our employees stay safe online.

[Read more…] about How to Run a Phishing Simulation Test

Dynamically create a phishing page based on the HTTP referer header

By 1 Comment

Reading Time: 3 minutes

Auto-generated phishing pages and the social web.

(The following is a cybersecurity research article on credential theft using non-traditional and underexploited phishing methods.)

You’re browsing the web. You’re logged into an online discussion space such as YouTube, Reddit, Twitter, Medium, a small community forum, etc. You click on a link from another user to another page on the same site. Instead of seeing the content you’re looking for you’re presented with the login page for the site you’re already on. Annoyed and a little confused as to why you’ve been logged out, you log back in and are taken to the content you were expecting.

You’ve just been phished.

[Read more…] about Dynamically create a phishing page based on the HTTP referer header