Activity 3: Going Phishing!

---

You are going to create a fake phishing attack that is going to target Dr. Polanco. You must screenshot your fake phishing attack, and you can use either email or smishing (please don’t call me, smishing will require you to find my phone number). These are the guidelines:

• You can actually try sending this to me, but you cannot use a Kit submission (I need to open all of those).
• The link should just be to a YouTube video, keep it appropriate. I should know this video is for a phishig attack.
• This is for purely academic purposes, it is meant to be fun. I may give a prize if someone successfully gets me to open the video.
• You should adhere to all rules set by Kalamazoo College's IT Policy.

You must screenshot your fake email and it should be submitted to Kit along with the following questions.

Questions

1. What is the context of your phishing email (i.e., bank, IRS, etc.)?
2. What psychological techniques or social engineering tactics did you use in your message?
3. What visual or stylistic choices did you use to make the email look convincing?
4. What kind of YouTube video did you use to simulate this, and how did you disguise it?
5. How would a careful user detect that your email is a phishing attempt?
6. How did this exercise help you better understand phishing attacks and defenses?
7. If you were building an anti-phishing training program, what lesson or take away would you highlight based on your phishing attack?