Phishing is an attack technique where an attacker uses fraudulent emails or texts, or copycats websites to get a victim to share valuable personal information such as account numbers, social security numbers, or victim’s login user-name and password. This technique is also used to trick the victim into running malicious code on the system, so that an attacker can control the user’s system and thereby get acces to user’s or organization’s sensitive data. This book is an introduction for the reader in the world of Phishing attacks. The book focuses on the different kinds of Phishing attacks and provides an overview of some of the common open source tools that can be used to execute Phishing campaigns. Red teams, pentesters, attackers, etc. all use Phishing techniques to compromise a user’s machine. It is necessary for Red teams and pentesters to understand the various payload delivery mechanisms used by current threat profiles. The book then delves into the common Phishing payload delivery mechanisms used by current threat profiles. It also introduces some new and uncommon payload delivery techniques that the author has used in the past to bypass and get through email filters as well as end-point detection systems. The second edition of this book adds new ways that are used by current threat actors to take over and compromise their victims. This includes exploiting Windows URIs, Outlook and Contact application files, utilizing and compromising cloud services, etc.
