Phisherman’s Net: A Tool For Understanding And Preventing Phishing Attacks

Rajvardhan Oak

Abstract

Phishing is one of the most prominent attack vectors employed by adversaries to compromise user credentials and gain access to restricted accounts. In a phishing attack, the attacker pretends to be someone known to the victim (friend, family member, employer) or someone in a position of authority (such as the government) and reaches out via email. The email redirects the victim to a landing page that has the exact look and feel of a real website. Victims unwittingly enter their credentials there, which are then harvested by the attacker, leading to a compromise. It is essential to spread awareness about phishing so that attacks can be quickly detected and reported. In this work, we present a toolkit, developed using only open-source resources, that can help build a testbed for phishing, which can be leveraged for training and development. The toolkit has numerous features (such as profile creation, text and image generation, landing page creation and analytics) and has already been used in 7 nonprofits across the world for internal training and development. We present our system design and a real-world evaluation that demonstrates the effectiveness of our toolkit.
