Wear a hat as a Victim


In this section, you will go through the experience as a victim: you will open the email in Outlook, open the attachment, and follow all the steps the victim went through.

This attack is a phishing email that turns into ransomware.

1. Brief Instructions

  1. Set up Outlook without an email account. For more detailed instructions, see the next steps.
  2. Open & Export, Import from another program or file
  3. Import Outlook Data File (.pst) located at C:\Users\Public\Desktop\Carter.Hale
    • Note: Please be sure to import the .pst file from the given location.
  4. Open the Word document attachment in the email from [email protected]

2. Elaborated Instructions

  1. Double click the shortcut on the desktop named "Outlook No Account"

3. Import/Export

2. After Outlook has been launched, click on File in the Outlook window

3. Select Open & Export then select Import/Export

4. Import from another program

4. Select Import from another program or file

5. Click on Next

5. Select Outlook Data File

6. Select Outlook Data File (.pst)

6. Browse to file

Note: Don't click anywhere other than Browse

7. Click on Browse...

7. Open .pst file

8. Type the following in the Windows Explorer browser:

  • C:\Users\Public\Desktop\ then hit Enter

Note: It is important that you type the exact location.

Tip: If you are using the Horizon client (not a browser), you can copy and paste this location from this guide into the TestDrive user experience environment.

9. Select Carter.Hale (this is the Outlook .pst file)

10. Click on Open

8. Verify File

Note: Verify that you are importing the correct .pst file, Carter.Hale.pst

11. Click on Next, then click on Finish

9. Finish

12. After the import has completed, click on Inbox

10. Open Attachment

13. [Optional] Read the 1st email from [email protected]

14. Click and open the attachment, the Word document

15. Click on Enable Editing

11. Enable Content

16. Click on Enable Content

Note: You will see Google Chrome and Notepad open automatically. This is part of the user experience and is explained in the "Attack Stages" section.