Free

Phishing

If you’re looking to enter any field in cybersecurity, you’ll want to learn the basics of phishing attacks. In this phishing course, you will learn how to craft the perfect phishing email and defend against these increasingly clever social engineering attempts.
Time: 1 hour 30 minutes
Difficulty: Beginner
CEU/CPE: 2

Course Content

Module 1: Recon
1.1 Introduction (7m)
1.2 Recon (8m)
1.3 The Harvester (9m)
1.4 Recon-NG (5m)
1.5 Using Recon-NG (7m)

Module 2: Getting Organized
2.1 Common Phishing Techniques (5m)
2.2 Time to Go Phishing (5m)

Module 3: Automating Your Emails
3.1 Social Engineer's Toolkit (SET) (7m)
3.2 Attacking With SET (8m)
3.3 Watching the Attack (7m)

Module 4: Stopping Phishing Attacks
4.1 Stopping Phishing Attacks (6m)
4.2 Conclusion (5m)

Course Description

Welcome to Cybrary’s phishing course. This course is intended for people of all skill levels, with no prior knowledge or experience needed. In this phishing training course, you will learn the basics of phishing, how and why phishing continues to work, how to craft the perfect phishing email and what you can do to defend against these increasingly clever social engineering attempts. Social engineering attacks are still the number one method of entry into an organization's network and systems by both penetration testers (ethical hackers) and adversaries.

Phishing attacks are just one way that a social engineering attack can be performed, and are designed to take advantage of the human element in cybersecurity.

Cybrary’s phishing course is an introductory course into phishing attacks and is intended for anyone in the cybersecurity field, including red and blue team members, and end users. In this course you will learn the basics behind phishing, why it works and what you can do to defend against it.

This course is designed to help the red team craft the perfect phishing email that guarantees click-through and increases the chances of getting into the network on your first attempt. After learning how these types of attacks work, blue team members will also be able to educate their users and lower the success rate of these types of attacks on their network.

Social engineers continue to use phishing to attack networks because it is guaranteed to work. According to the 2018 Verizon DBIR report, “Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.”

What is Involved in this Online Phishing Training Course?

In this online phishing training, you will learn to use phishing to test and educate your organization’s employees about phishing schemes and how to avoid them. The objectives you will cover in this class include learning the basics of phishing, how and why it works, how to craft the perfect phishing email, and how you can protect your organization and its employees against such cyberattacks.

This course is ideal for IT professionals who are responsible for training network users how to be safe and vigilant against cyber criminals for the protection of the organizations they work for. The course is a total of one hour, thirty minutes of clock time, and you will receive a Certificate of Completion upon finishing the training.

What’s the Purpose of a Phishing Scheme?

Phishing attacks are commonly used by adversaries, utilizing email (or sometimes text or phone) to gain access to an organization’s network. The victims are messaged by someone pretending to be a trusted entity, often using the name of a real person, or company with which the victim does business. The attacker lures individuals into providing personal and financial information such as social security numbers, account numbers, credit card account details, passwords, and other sensitive data. This often results in identity theft and monetary loss. Adversaries may also trick the victim into wiring large sums of money for fake invoices.

Phishing attacks have increased over the years, and phishing remains the number one attack vector for adversaries.

Why Does Phishing Work?

At the heart of phishing is the use of social engineering. Social engineering relating to information security is defined as using deception to manipulate someone into providing sensitive personal data that can be used fraudulently. The key to successful social engineering is the manipulation. Phishing works because people are presented with scams and attacks that look legitimate and instill trust, often because the entity that it is supposedly from is a real organization that the target does business with.

How Do You Prevent Phishing?

The best way to prevent your employees from falling victim to phishing scams is through anti-phishing training along with simulated phishing that prompts targeted follow-up education.

Simulated social engineering and phishing is one way that you can assess your team’s knowledge and susceptibility to these types of malicious cyberattacks. By creating phishing exploits that look like actual malicious threats and learning which employees become victims by clicking a link in the email, you will be able to educate those employees so they can differentiate between phishing emails and legitimate ones.

How Does Phishing Your Employees to Improve Security Work?

Deploying a phishing simulation against the users in your organization may seem like a process in which you are trying to “catch” someone doing something wrong (to the employees, at least), but it’s really the most effective way to know what your organization’s phishing-related vulnerabilities are and a way to educate your employees about this type of attack.

You can hire third-party organizations to perform phishing tests on the users at your company; however, with Cybrary’s course on phishing, you will easily be able to do this for your own organization.


Instructed by Dustin Parry

My current role is a network security engineer but like many of us in security, I wear many hats. I perform forensics, threat and network hunting, intel, malware analysis and remediation, vulnerability scanning and management, red teaming, along with helping to write and rewrite policies and guidelines.

I’ve been in IT for over 10 years, everything from help desk, networking, hardware repair, and I finally moved into a security role a few years ago. One of my favorite things to do is phishing simulations.

I grew up always interested in figuring out how things work and how to make them work in ways that may not have been intended. I graduated with my Bachelor’s in IT - Security in 2018 from Western Governors University. There I earned many industry certifications, including CompTIA’s A+, Net+, Sec+, Linux+, Cisco CCENT, CCNA and CCNA Security, several CIW certs, LPIC-1 and the Infosec 4011. I’ve also been working towards my OSCP now that I’ve got a little more free time. When I’m not working in security, listening to security podcasts or researching the newest threats, I’m usually spending time with my daughter, taking photos or working on old cars. I love to hike and enjoy the outdoors as much as possible.

Provider: Cybrary
Certification Body
Certificate of Completion

Complete this entire course to earn a Phishing Certificate of Completion