So you decide to spin up a little Amazon VPS and try out a phishing framework on your colleagues. Almost cute in comparison to the infrastructure of a real life national phishing campaign. In the wild, the term 'infrastructure' is used loosely. Malicious phishers compromise a myriad of organisations and use the compromised servers and email accounts to send phishing emails. They mix in bot-nets that are capable of sending emails on their behalf too. It's not just the complicated nature of malicious phishing campaigns that see success, it's the concept of a distributed, ever-changing attack platform - one that is hard to defend against. They are often faced with errors, browser warnings, complaints and have to be agile in order to be effective.

When considering the infrastructure of a campaign at scale, we can learn a lot from nefarious actors. Infrastructure has to be extensive and it has to migrate and redeploy in an instant, sometimes mid-campaign should you encounter a problem. New IP's, new servers, new techniques, new domains, new emails templates are needed on the fly to keep things going.

We can use our expertise to do just this. In fact, we have got things so smooth we found that with AntiPhish we can close down a server, scrub data and migrate mid campaign in about one minute. It is important to think of a phishing campaign as a traditional web service, scaling should incorporate some more traditional elements such as load balancing and redundancy. This can be the difference of your infrastructure assisting you or hindering your campaign.