0130 min · Talk
How attackers think
Business model, supply chains, tooling. Who sells what to whom — from phishing kits to initial access.
Phishgate · Training
Two hours. Real attacks shown from the attacker's seat. After the session your team spots phishing instantly — and understands how criminal crews actually steal credentials.
This domain was registered 11 minutes ago and impersonates login.microsoftonline.com.
The threat
94% of cyberattacks start with an email. Attackers buy lookalike domains, clone login pages, optimise click-through rates and rent MFA-bypass kits monthly. We show your team how this industry works — from the inside.
Curriculum
We show the attack instead of just warning about it. Hands-on, with live demo, no fearmongering.
Business model, supply chains, tooling. Who sells what to whom — from phishing kits to initial access.
We build a cloned Microsoft login in front of your team, send the email and capture credentials plus MFA token.
Read headers, check domains, deconstruct urgency and tone. Six patterns anyone will remember.
Who gets told when. How to report. What to do once you've already clicked — the first 10 minutes.
Live demo
An excerpt from the session. Three steps from bait to takeover — and where Phishgate steps in.
Click here to confirm your sign-in.
https://micros0ft-id.com/verify…
Sender 'IT support'. Subject: 'Your password expires in 24h'. Domain off by one letter.
Pixel-perfect copy of Microsoft sign-in. Credentials and MFA code stream straight to the attacker.
Blocked.
Domain 11 min old · Microsoft impersonation · 80 ms
The browser extension flags the domain in 80 ms and stops typing — before a single character leaves the device.
Agenda
Who has received a phishing mail before?
Business model, tools, market prices.
Cloned login page + MFA bypass.
Six real emails — find the phishing.
Reporting, immediate steps, communication.
Open floor. Even uncomfortable questions.
Plans
Both formats, identical content: 2 hours of live training in German or English. Recording and employee handout included.
per session
1 session · 2 hours
Up to 25 attendees
per session
1 session · 2 hours · on-site
Up to 25 attendees
Both plans incl. VAT · payment after the session · free cancellation up to 7 days before.
FAQ
Talk (30 min), live demo of a real phishing attack (30 min), hands-on detection drills (30 min), incident behaviour and Q&A (30 min).
Identical content. Remote runs via Microsoft Teams, Zoom or Google Meet. On-site we come to your premises; within 100 km of Nuremberg there's no surcharge, beyond that we charge €1 per kilometre travelled.
Both plans are designed for up to 25 people. For maximum interaction we recommend groups of 10–20. Larger groups on request.
Yes, both plans include a recording available for 30 days, so absent employees can catch up.
Yes. The live demo only uses test domains we control. No real employee data is processed.
Invoice with 14 days payment term. Payment after the session. Travel costs for on-site sessions are listed separately.
Request a session
One business day response time. Before booking you'll have a 48-hour-prep call with your trainer to align content.
Prefer to write to us directly? [email protected] →
Request a session, align with your trainer, train in two weeks. Pay only after the session.