The Phishing Pond is designed to build practical phishing-detection skills through a set of real-world email examples. The room teaches how attackers craft deceptive messages and which red flags to look for when reviewing suspicious emails. It focuses on the most common phishing tactics, including urgency in subject lines, look-alike domains, display-name impersonation, malicious attachments, compromised sender accounts, and offers that attempt to gather personal or financial information.
The goal of the lab is simple. Review each email, decide whether it is legitimate or a phishing attempt, and identify the indicators that reveal the attacker’s intent. At the end of the challenge, the final flag is provided once all emails are correctly classified.
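The header and attachment red flags listed above can be turned into a first-pass triage check. This is an added example, not part of the room or the original walkthrough; the trusted domains, word list, similarity threshold, and sample messages are all constructed assumptions.

```python
import email
from difflib import SequenceMatcher
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed values for this sketch: the organisation's real domains and a short urgency list.
TRUSTED_DOMAINS = {"example.com", "examplepay.com"}
URGENT_WORDS = ("urgent", "immediately", "action required", "final notice")
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm")

def red_flags(raw: str) -> list:
    """Return the header and attachment red flags found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if any(w in str(msg.get("Subject", "")).lower() for w in URGENT_WORDS):
        flags.append("urgency in subject")
    if domain not in TRUSTED_DOMAINS:
        # A near miss of a trusted domain (one swapped character) suggests a look-alike.
        if any(SequenceMatcher(None, domain, t).ratio() >= 0.85 for t in TRUSTED_DOMAINS):
            flags.append("look-alike domain")
        # The display name claims a trusted brand that the address does not belong to.
        name = display.lower().replace(" ", "")
        if any(t.split(".")[0] in name for t in TRUSTED_DOMAINS):
            flags.append("display-name impersonation")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(MACRO_EXTENSIONS):
            flags.append("macro-enabled attachment")
    return flags

def build(sender, subject, attachment=None):
    """Construct a sample message; every value passed in below is made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content("Please review the details.")
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

PHISH = build('"Example Pay Billing" <billing@examp1epay.com>', "URGENT: invoice overdue", "invoice.docm")
LEGIT = build('"Example Pay Billing" <billing@examplepay.com>', "Your monthly statement")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, red_flags(raw))
```

These checks cover only the sender, subject, and attachment name; survey links, password reset pages, and requests for banking details still require reading the body and inspecting where each link leads.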
I reached the main interface of the room and began working through the emails. Let’s dive into Level 1.
This is a phishing email.
Reason: It impersonates an executive and requests an urgent wire transfer.
This is not a phishing email.
This is not a phishing email.
This is not a phishing email.
This is a phishing email.
Reason: Contains an attachment and asks to enable macros.
This is a phishing email.
Reason: Contains a suspicious third-party survey link.
This is a phishing email.
Reason: Offers require sensitive personal or banking details.
This is a phishing email.
Reason: Redirects to a malicious password reset page.
This is a phishing email.
Reason: Link uses a deceptive to mimic a payment portal.
This is a phishing email.
Reason: Asks to enable macros in an attachment.
THM{i_phish_you_not}
Thanks for reading. I hope this walkthrough helps sharpen your phishing analysis skills and gives you a clearer view of how real-world email threats operate.