Phishing Simulations with GoPhish and Oracle Email Delivery
Phishing simulations are a critical component of an organization's cybersecurity strategy, helping to train employees on identifying and avoiding malicious emails. With tools like GoPhish and Oracle Email Delivery, setting up a realistic and effective phishing campaign has never been easier—and the best part is that both can be used for free.
In this post, we’ll explore how to integrate GoPhish, an open-source phishing framework, with Oracle’s Email Delivery service to launch your own phishing simulation. Whether you’re an IT administrator testing company defenses or a cybersecurity trainer, this guide will help you get started.
What is GoPhish?
GoPhish is a powerful, user-friendly platform designed for creating and managing phishing simulations. Its feature set makes it ideal for both beginners and seasoned cybersecurity professionals. Some of its standout features include:
- User-Friendly Dashboard: Intuitive interface for setting up campaigns.
- Customizable Phishing Templates: Create realistic phishing emails tailored to your target audience.
- Landing Page Management: Design landing pages that mimic legitimate login screens.
- Targeted Campaigns: Import and manage recipient lists easily.
- Real-Time Metrics: Monitor who opens emails, clicks links, and submits credentials in real time.
- Open-Source Flexibility: Customize and extend the platform to meet specific needs.
Why Use Oracle Email Delivery?
Oracle Cloud offers a free-tier Email Delivery service that provides reliable email-sending capabilities. It’s perfect for phishing simulations as it ensures high deliverability rates without requiring a complex setup.
Key benefits include:
- Free-Tier Usage: 1,000 emails per month at no cost.
- SPF and DKIM Integration: Ensures that your emails pass spam filters, making them more likely to reach recipients' inboxes.
- Detailed Email Logs: Helps track email delivery success.
Setting Up GoPhish with Oracle Email Delivery
Here’s a step-by-step guide to integrate these tools and start your phishing campaign:
1. Install and Configure GoPhish
- Download GoPhish: Go to the GitHub page: https://github.com/gophish/gophish
- Run the Server: Follow the installation instructions. The default URL for the GoPhish admin interface is http://localhost:3333.
- Login and Set Up: Log in with the default credentials (username: admin, password: gophish), then update your password for security.
2. Create an Oracle Email Delivery Account
- Sign Up for Oracle Cloud Free Tier: If you don’t already have an account, create one.
- Enable Email Delivery: In the Oracle Cloud dashboard, navigate to "Email Delivery" under the "Networking" section.
- Create SMTP Credentials:
  - Go to "Email Configuration" and generate SMTP credentials.
  - Note the SMTP server address (e.g., smtp.email.ap-sydney-1.oci.oraclecloud.com) and your username/password.
3. Integrate Oracle Email Delivery with GoPhish
- Set Up a Sending Profile in GoPhish:
  - In the GoPhish dashboard, navigate to "Sending Profiles."
  - Click “New Profile” and enter the SMTP details provided by Oracle Email Delivery.
  - Test the connection to ensure it works.
4. Launch Your Phishing Campaign
- Create a Phishing Email Template:
  - Use GoPhish to design a realistic email that mimics common phishing attempts (e.g., a password reset request or a fake invoice).
- Design a Landing Page:
  - Create a landing page where users will be redirected after clicking a link. GoPhish lets you easily create pages that look like login portals for popular platforms.
- Upload a Recipient List:
  - Import a CSV file containing the email addresses of your test users.
- Run the Campaign:
  - Start your campaign and monitor its progress in real time. GoPhish provides detailed metrics, such as open rates and click-through rates.
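A pre-import check for the recipient CSV in step 4, added here as an example (not part of GoPhish or the original post): it keeps only addresses in domains you are authorized to test, drops duplicates, and compares the count against the 1,000-email monthly free tier. The header row matches GoPhish's group-import CSV template; `validate_recipients`, the `example.com` scope and the sample rows are assumptions.

```python
import csv
import io

# Column headers of GoPhish's group-import CSV template.
GOPHISH_HEADERS = ["First Name", "Last Name", "Email", "Position"]
FREE_TIER_MONTHLY_LIMIT = 1000  # Oracle free-tier figure quoted in this post

# Constructed sample data; example.com stands in for your own domain.
SAMPLE_CSV = """First Name,Last Name,Email,Position
Ana,Lopez,ana.lopez@example.com,Finance
Ben,Wu,ben.wu@example.com,IT
Ana,Lopez,Ana.Lopez@example.com,Finance
Cy,Reed,cy.reed@partner.example.net,Vendor
Dee,Kim,not-an-address,HR
"""

def validate_recipients(csv_text, allowed_domains, already_sent=0):
    """Split rows into importable recipients and rejects with a reason."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if reader.fieldnames != GOPHISH_HEADERS:
        raise ValueError(f"unexpected header: {reader.fieldnames}")
    allowed = {d.lower() for d in allowed_domains}
    accepted, rejected, seen = [], [], set()
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        email = (row["Email"] or "").strip().lower()
        local, at, domain = email.rpartition("@")
        if not (at and local and domain):
            rejected.append((line_no, email, "malformed address"))
        elif domain not in allowed:
            rejected.append((line_no, email, "domain not in scope"))
        elif email in seen:
            rejected.append((line_no, email, "duplicate"))
        else:
            seen.add(email)
            accepted.append({**row, "Email": email})
    # Compare what would be sent with what is left of this month's allowance.
    remaining = FREE_TIER_MONTHLY_LIMIT - already_sent
    return {"accepted": accepted, "rejected": rejected,
            "within_quota": len(accepted) <= remaining}

if __name__ == "__main__":
    result = validate_recipients(SAMPLE_CSV, {"example.com"}, already_sent=990)
    for line_no, email, reason in result["rejected"]:
        print(f"line {line_no}: {email!r} rejected ({reason})")
    print(f"{len(result['accepted'])} recipients, "
          f"within quota: {result['within_quota']}")
```

Write the accepted rows back out with the same header before importing, and review the rejected lines by hand rather than silently dropping them.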
Conclusion
With GoPhish and Oracle Email Delivery, creating phishing simulations is straightforward and cost-effective. These tools enable cybersecurity teams to better understand employee vulnerabilities and improve awareness. By leveraging GoPhish’s robust feature set and Oracle’s reliable email delivery service, you can execute highly realistic campaigns to bolster your organization’s defenses against real-world phishing threats.