> For the complete documentation index, see [llms.txt](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/phishing/phishing-awareness-campaign/mastercard/phishing-email-simulation-campaign.md).

# Phishing Email Simulation Campaign

What I did for Mastercard so far:

* Simulated a Phishing Email campaign
* Took original phishing email and made it more believable based on communications from my IT department at my current full time company
* Used generative AI to optimize even further and appear even more believable!

/////////////////////////// Original Phishing Email: ////////////////////////////

From: <mastercardsIT@gmail.com> To: <employee@email.com>  Subject: URGENT! Password Reset Required—

Body:&#x20;

Hello (insert name) ,

Your email account has been compromised. immediate action is required to reset your password!

Click here to reset your password in the next hour or your account will be locked: <https://en.wikipedia.org/wiki/Phishing>

Regards,Mastercard IT

//////////////////////////////////////////////////////////////////////////////////////////// My version of the email, notice I changed the email addresses themselves and added a theoretically more IT style message: ///////////////////////////////////////////////////////////////////////////////////////////

From: <Helpdesk@mastercard.com> To: <employee@mastercard.com>  Subject: Password update required in 15 days

Body:&#x20;

Hello (insert name),

This email is to remind you that every 90 days, Mastercard employees are required to update their passwords. You have 15 days left to reset your password.

Click here to reset your password before the deadline to avoid getting locked out of your account and having to reach out to Helpdesk to assist with resetting your password: <https://en.wikipedia.org/wiki/Phishing>

Regards, Mastercard IT

///////////////////////////////////////////////////////////////////////////////////////////////////////// Generative AI optimized email: ////////////////// ////////////////////////////////////////////////////////////////////////////////////////////

From: <helpdesk@mastercard.com> To: <employee@mastercard.com> Subject: Reminder: Update Your Password Within 15 Days

Hello \[Employee Name],

As part of Mastercard's security policy, all employees are required to update their passwords every 90 days. Our records show that you have 15 days left to reset your password.

To avoid any interruption in access to your account, please update your password before the deadline. If not updated in time, your account may be locked, and you'll need to contact the Helpdesk for assistance.

Please click the link below to reset your password:

\[Reset Your Password]

Thank you for your prompt attention to this matter.

Best regards,

Mastercard IT Support Team

//////////////////////////////////////////////////////////////////////////////////////////// Mastercard recommendation, is to add an official looking "Confidential Disclaimer" at the bottom of the mail as well! ////////////////////////////////////////////////////////////////////////////////////////////

<figure><img src="/files/khhh3x25Tqmjl5anYWEa" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/5zMmekAdnodQ0jENz127" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/rT4nzLFQFnFSOP4n4Jca" alt=""><figcaption></figcaption></figure>
