Back to Service Library
Service Catalog / Penetration Testing & Attack Surface Management / Penetration Testing / PT – Phishing Add-on
136PTPHSH Option

PT – Phishing Add-on

On this page

    Methodology

    This project consists of the following phases: 

    1. PLANNING 
      1. Allow use of phishing tool in client's environment. (If available)
      2. Collaborate with client point of contact to generate the phishing email, credential harvesting page, and training page that will be utilized in this campaign. 
      3. Test campaign to validate whitelisting was successful and emails will arrive in inboxes as intended.
      4. Identify the targets for the phishing test.
    2. PHISHING CAMPAIGN
      1. Send out phishing emails over period of time specified in scope section. 
        1. Phishing Email - Seemingly legitimate email that attempts to convince users to click on an unknown link to an untrusted domain.
        2. Credential Harvesting - Users that click on the link in the phishing email will be directed to a login screen to attempt to capture credentials.
    3. FINDINGS

    Client Responsibilities

    • Client to assign a point of contact (POC) responsible for client coordination and logistics. 
    • Client to identify targets for phishing test and provide target names and emails in spreadsheet format (.csv).