from a legitimate company and ask to provide sensitive information. • Contact through phone call by mimicking the know entity. For example, I am your virtual relationship manager calling from you bank your credit card is block. Kindly share your CCV number and received OTP to activate it. • Using a Phishing kit - It’s a web component. Attackers replicated a known brand or organisation’s legitimate website. Those url will be sent to target by email or other medium. Crowd-sourced lists of known phishing kits https://openphish.com www.phishtank.com