Phishing - Phishmas Greetings | Advent of Cyber 2025 - Day 12
This guide contains the answers, and the steps necessary to reach them, for the Phishing - Phishmas Greetings room.
Spotting Phishing Emails
Classify the 1st email, what's the flag?
In the first email we can see a fake invoice from PayPal (legit). It creates a sense of urgency and spoofs the TBFC domain.

Answer: THM{yougotnumber1-keep-it-going}
Classify the 2nd email. What's the flag?
In the second email we can see there is an attachment. The email appears to come from the TBFC domain and is impersonating someone.

Answer: THM{nmumber2-was-not-tha-thard!}
Classify the 3rd email. What's the flag?
In the third email, we notice a sense of urgency. It impersonates someone from the company and uses social engineering to convince the recipient to take an action.

Answer: THM{Impersonation-is-areal-thing-keepIt}
Classify the 4th email. What's the flag?
The fourth email impersonates someone from the company while using an external sender domain. It uses social engineering to convince the recipient to carry out activities.

Answer: THM{Get-back-SOC-mas!!}
Classify the 5th email. What's the flag?
The fifth email is more focussed on generating leads for the specified company.

Answer: THM{It-was-just-a-sp4m!!}
Classify the 6th email. What's the flag?
In the sixth email we can see the sender trying to impersonate the company using Punycode, and using social engineering to elicit a response.

Answer: THM{number6-is-the-last-one!-DX!}
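
Two of the indicators noted above, the external sender domain behind a company-looking name (4th email) and the Punycode lookalike domain (6th email), can be checked directly from the `From` header. The following is an added example, not part of the room or of this guide's original content; `tbfc.example`, the display-name heuristic and the sample headers are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "tbfc.example"  # assumption: placeholder for the organisation's real mail domain
ORG_NAME = "tbfc"            # assumption: brand string to look for in display names

def decode_domain(domain):
    """Decode xn-- (Punycode) labels so the lookalike characters become visible."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw xn-- form
        labels.append(label)
    return ".".join(labels)

def sender_indicators(raw_message):
    """Return the sender-domain indicators found in the From header."""
    display, address = parseaddr(message_from_string(raw_message).get("From", ""))
    domain = address.rpartition("@")[2].lower()
    found = []
    # Indicator from the 6th email: an IDN label hiding non-Latin characters.
    if any(label.startswith("xn--") for label in domain.split(".")):
        found.append("punycode-domain:" + decode_domain(domain))
    # Indicator from the 4th email: company name shown, but the domain is external.
    if domain != ORG_DOMAIN and ORG_NAME in display.lower():
        found.append("external-domain-impersonation")
    return found

# Constructed samples (not taken from the room). The lookalike swaps the Latin "c"
# for Cyrillic U+0441 and is encoded here rather than hard-coded.
LOOKALIKE_DOMAIN = "xn--" + "tbf\u0441".encode("punycode").decode("ascii") + ".example"
LEGIT = "From: TBFC HR <hr@tbfc.example>\nSubject: Holiday rota\n\nbody"
EXTERNAL = "From: TBFC Helpdesk <helpdesk@mail.example>\nSubject: Password reset\n\nbody"
LOOKALIKE = f"From: TBFC IT <it@{LOOKALIKE_DOMAIN}>\nSubject: Action required\n\nbody"

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("external", EXTERNAL), ("lookalike", LOOKALIKE)):
        print(name, sender_indicators(raw))
```

The decoded form printed for the lookalike looks identical to the real name on screen, which is why the check keys on the `xn--` prefix rather than on visual comparison.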
If you enjoyed today's room, you can explore the Phishing Analysis Tools room in detail!