HTW Berlin Fachbereich 4 Cyber-Security & Business Social Engineering Winter Term 2025/26

Lab 6: Phishing

1. Get back together with the person you worked with on OSINT. Your job is now to design a phishing email and a web page that you would deploy in order to obtain domain credentials from the company you have been researching. Who are your targets? Don't use the real names of the people, but note their jobs. Did you already obtain email addresses for these people using OSINT?
2. Design a phishing email that will entice the target to click on a link to a web page that will harvest the credential. Document both the email and the rationale that you have for why you think people will click on the link provided.
3. Design a web page (NOT ON THE OPEN WEB!) that is to appear when people click on the email link. What information do you think you can obtain? Why does the page look the way it does?
4. What domain would you register for publishing this page? DON'T register it, just look to see if it is available. What other pages would you include on the domain to make it look legitimate?
   
5. Determine your success metrics: How many people work for the company, how many do you expect will click on the link?
   

Submit the written PDF report documenting your answers and results and your reflections on the exercise to the Moodle area by 22.00 the evening before our next session. Don't forget to include both names and report formalities such as page numbers and a date! Everyone submits the same copy of the report to the same assignment area!