MALICIOUS DOWNLOADS

#example trigger
root@victim:~$ BROWSER > https://mail.google.com
 FROM: [email protected]
 SUBJECT: OneLogin - [Instructions] Activate your 30 Day OneLogin Trial

 redirect: {evilginx phish URL}

 * note: users with some email security awareness training will be able to identify
   the malicious URLs when they hover the mouse over the links
    - users who aren't aware and click the links will be sent to the
      specified URLs being served by the evilginx server
    - evilginx will eventually capture anything the victim enters in the HTML fields, including username/password/tokens
       - once everything is captured, evilginx will redirect the user to any specified URL or site
          - it is best to redirect users to the legitimate site!
