The explanation in an interesting article by James Coote

Dear security experts, paladins of incident response who spend your days fighting against phishing campaigns, have you ever wondered how it is made a phishing campaign?

This very accurate article by James Coote explains step by step how the bad guys create a perfect phishing campaign using PhishLulz, an Amazon AWS account, a brand new Gmail account and a disposable email.

The steps

  1. Create your free Amazon AWS account
  2. Create Billing Alarm
  3. Prepare EC2
  4. Preparing your host machine
  5. Customise the Phishlulz codebase
  6. Create free phishing domain
  7. Clone the Phishlulz AMI
  8. Create a new Phishlulz AWS Instance
  9. Create a new Gmail account
  10. Create a new Phishlulz Campaign
  11. Running our Campaign

The full article