The Phish Has Landed

The domain has been acquired, the landing page crafted, and the framework in place. However, when you go to enjoy your phishing trip you discover that the domain has been burned. A domain you have been maturing for months or years is no longer useful and you have to start over.

Recently on a phishing trip, this exact thing happened. I had followed a formula I had been using for other campaigns with no issues, but somewhere something went wrong. Unfortunately, unless you know the source code of Defender, SafeLinks, or other security measures there is no real way to know the specifics of what is going on under the hood when a landing page or email get evaluated.

However, here is a little chart that can give you some phishing food for thought. I won't give the specific domain names for confidentiality reasons, but none of the domains used came close to being considered "domain impersonation".

As you can see, phishing has no set formula. There are definitely tips and tricks you can do to help improve your chances of the email landing, but there no sure guaranteed. You might be thinking, "But Domain3 landed!" This time, yes. The frustrating and exciting part is in a month- it may not.