Phishing-Campaign
Definition
A phishing campaign is a **coordinated series of phishing attacks** that share a common goal, theme, or infrastructure, designed to trick multiple targets over a period of time. Instead of sending one-off phishing emails, attackers plan a campaign much like a marketing team would – picking a target audience, crafting believable messages, and using consistent “branding” to increase their success rate.

Typical characteristics of a phishing campaign include:

* **Common lure** – A repeated theme, like fake bank alerts, unpaid invoices, or urgent security notices.
* **Shared infrastructure** – The same lookalike domains, IP addresses, or hosting services across messages.
* **Multiple delivery waves** – Emails, texts, or calls sent in batches over days or weeks.
* **Automation** – Mailing lists, phishing kits, and scripts to send thousands of messages.
* **Goal alignment** – Credential harvesting, malware delivery, or initiating fraud.

Example: An attacker might register `secure-paypal-login.com`, host a fake PayPal login page, and send 50,000 emails with the subject “Your account has been suspended – verify now.” The campaign may run for weeks, with tweaks to the message or website if early versions are blocked.

In investigations, recognizing a phishing campaign often means:

* Spotting multiple phishing emails with the same sender patterns or wording.
* Seeing several domains pointing to the same IP over a short time frame.
* Detecting recurring malware file hashes in attachments.
* Linking different victims through shared phishing indicators.

Real-world examples:

* **Operation Phish Fry (2009)** – Targeted financial institutions worldwide using hundreds of spoofed domains.
* **Office 365 Credential Harvesting Campaigns** – Continuous waves of fake login portals sent to corporate users to steal cloud credentials.
* **Google Docs Phish (2017)** – Large-scale, highly convincing phishing links disguised as document sharing requests.
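The investigative linking described above (same sender patterns, domains on the same IP, recurring attachment hashes), shown as an added example that is not part of the original glossary entry: it clusters phishing reports into campaign candidates when they share any indicator, directly or through a chain of other reports. The report fields, the function name `cluster_campaigns`, and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample reports (not real indicators). IPs come from the RFC 5737
# documentation ranges; domains use the reserved .example TLD.
REPORTS = [
    {"id": "r1", "sender_domain": "billing-alerts.example",
     "url_domain": "secure-login.example", "ip": "203.0.113.10", "sha256": None},
    {"id": "r2", "sender_domain": "billing-alerts.example",
     "url_domain": "verify-account.example", "ip": "203.0.113.10", "sha256": None},
    {"id": "r3", "sender_domain": "notice-desk.example",
     "url_domain": "verify-account.example", "ip": "203.0.113.77", "sha256": "a" * 64},
    {"id": "r4", "sender_domain": "hr-portal.example",
     "url_domain": "docs-share.example", "ip": "198.51.100.5", "sha256": "b" * 64},
    {"id": "r5", "sender_domain": "parcel-track.example",
     "url_domain": "track-parcel.example", "ip": "198.51.100.9", "sha256": "b" * 64},
]
INDICATOR_FIELDS = ("sender_domain", "url_domain", "ip", "sha256")


def cluster_campaigns(reports, fields=INDICATOR_FIELDS):
    """Group reports linked, directly or transitively, by a shared indicator."""
    parent = {r["id"]: r["id"] for r in reports}  # union-find forest

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups cheap
            x = parent[x]
        return x

    first_seen = {}  # (field, value) -> id of the first report carrying it
    for r in reports:
        for f in fields:
            value = r.get(f)
            if not value:
                continue  # a missing indicator must never link two reports
            key = (f, value.lower())
            if key in first_seen:
                parent[find(r["id"])] = find(first_seen[key])
            else:
                first_seen[key] = r["id"]

    groups = defaultdict(list)
    for r in reports:
        groups[find(r["id"])].append(r["id"])
    # Only clusters with more than one report are campaign candidates.
    return sorted(sorted(ids) for ids in groups.values() if len(ids) > 1)
```

Shared hosting and CDN addresses can link unrelated reports, so treat each cluster as a lead to confirm with time frame and message wording rather than as a verdict.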
Further reading:

* CISA: [https://www.cisa.gov/spotlight-phishing](https://www.cisa.gov/spotlight-phishing)
* Microsoft Security Blog on Phishing Campaigns: [https://www.microsoft.com/security/blog/tag/phishing/](https://www.microsoft.com/security/blog/tag/phishing/)
* MITRE ATT&CK (T1566 – Phishing): [https://attack.mitre.org/techniques/T1566/](https://attack.mitre.org/techniques/T1566/)
* Proofpoint Threat Reports: [https://www.proofpoint.com/us/resources/threat-reports](https://www.proofpoint.com/us/resources/threat-reports)