This was designed to be a phishing exersice I put together for my company. I sent out a fake email that looked like it was coming from the president of the company, only she knew about the exercise. In that email, I gave instructions that the employee must login into their Company Google Account and change a certain setting. I gave a link to that setting, but the link went to the phishing website instead. Once a user clicked the link and tried to log into the portal, that looks very similar to Google’s login portal (September 2018), I would get their credentials in my backend system in plain text format. This would give me instant access to accounts that don’t have 2FA Authentication enabled.
I used this to teach the employees about phishing emails and social engineering. I gave them some tips, noting things to look for when receiving a weird email or an email with links in them. I cannot disclose the result of the exercise but it was a great learning exercise.
Fun Fact: I built this mock system in about three hours using Vue.js, it was fun :)
Some features I want to add:
Project link: https://accounts-google.netlify.com/