mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-18 21:49:40 +03:00
2.7 KiB
2.7 KiB
Standards & References: Phishing Simulation with GoPhish
Legal & Compliance Framework
- Computer Fraud and Abuse Act (CFAA): Ensure written authorization before conducting simulations
- GDPR (EU): Data protection requirements for handling employee email addresses and click data
- CCPA (California): Employee data privacy considerations
- Company Acceptable Use Policy: Must align simulation with organizational policies
Industry Standards
- NIST SP 800-50: Building an Information Technology Security Awareness and Training Program
- NIST SP 800-16: Information Technology Security Training Requirements
- SANS Security Awareness Maturity Model: Five levels from non-existent to metrics framework
- ISO 27001:2022: A.6.3 - Information security awareness, education and training
MITRE ATT&CK References
- T1566.001: Phishing: Spearphishing Attachment
- T1566.002: Phishing: Spearphishing Link
- T1598: Phishing for Information
- T1204.001: User Execution: Malicious Link
- T1204.002: User Execution: Malicious File
GoPhish Technical Reference
API Endpoints
| Endpoint | Method | Description |
|---|---|---|
/api/campaigns/ |
GET | List all campaigns |
/api/campaigns/ |
POST | Create new campaign |
/api/campaigns/{id} |
GET | Get campaign details |
/api/campaigns/{id}/results |
GET | Get campaign results |
/api/campaigns/{id}/summary |
GET | Get campaign summary |
/api/templates/ |
GET/POST | Manage email templates |
/api/pages/ |
GET/POST | Manage landing pages |
/api/smtp/ |
GET/POST | Manage sending profiles |
/api/groups/ |
GET/POST | Manage user groups |
/api/import/email |
POST | Import email template |
/api/import/site |
POST | Import/clone website |
Campaign Event Types
| Event | Description |
|---|---|
| Email Sent | Email delivered to target |
| Email Opened | Tracking pixel loaded |
| Clicked Link | User clicked phishing URL |
| Submitted Data | User entered credentials |
| Email Reported | User reported via plugin |
Phishing Simulation Best Practices
- Always obtain written authorization from executive management
- Coordinate with IT/security teams to whitelist simulation infrastructure
- Start with easier-to-identify phishing and increase difficulty gradually
- Never punish employees for failing - focus on education
- Provide immediate training after user interaction
- Run campaigns regularly (monthly/quarterly) for sustained awareness
- Vary scenarios across campaign types (credential harvesting, attachment, link)
- Respect opt-outs where legally required
- Protect campaign data - treat click/submit data as sensitive
- Report metrics anonymously when possible at department level