In this walkthrough, we will go through the Phishing Emails in Action room from TryHackMe. In this room, we will learn the different indicators of phishing attempts by examining actual phishing emails. So, let’s get started without any delay.
Task 1 – Introduction
Task 2 – Cancel your PayPal order
Question 1 – What phrase does the gibberish sender email start with?
noreply
Task 3 – Track your package
Question 1 – What is the root domain for each URL? Defang the URL.
devret[.]xyz
Task 4 – Select your email provider to view document
Question 1 – This email sample used the names of a few major companies, their products, and logos such as OneDrive and Adobe. What other company name was used in this phishing email?
Citrix
Task 5 – Please update your payment details
Question 1 – What should users do if they receive a suspicious email or text message claiming to be from Netflix?
forward the message to [email protected]
Task 6 – Your recent purchase
Question 1 – What does BCC mean?
Blind Carbon Copy
Question 2 – What technique was used to persuade the victim to not ignore the email and act swiftly?
Urgency
Task 7 – DHL Express Courier Shipping notice
Question 1 – What is the name of the executable that the Excel attachment attempts to run?
regasms.exe
Task 8 – Conclusion
So that was “Phishing Emails in Action” for you. We learned the different indicators of phishing attempts by examining actual phishing emails. We started off with an alleged email from PayPal regarding the cancellation of an order. Next, we looked into a tracking scam related to DHL. Further, we looked at a Microsoft OneDrive credential harvesting attack. Moving on, we saw Netflix and Apple support emails with PDF and DOC attachments as lures. At last, we looked into a DHL email that has an Excel file with macros enabled to run the payload. On that note, I will take your leave and meet you in the next one. Till then, “Happy hacking”.