A bit of context: What is The Slippery Phish Project? 

a.k.a. TSPP is an awareness campaign about phishing scams. Revealing the underlying and manipulative layer of code that fools millions of people into giving up their personal information, like login credentials or bank information. Primarily focussing on phishing scams like: The Homograph Attack, URL Spoofing, and Typo-squatting.

TSPP uses real phishing techniques but in an ethical way – by not collecting, storing or sharing any of your (victims) personal data. This way we want to educate and empower society into a state of cyber-awareness.


TSPP — Short Abstract

Phishing scams are considered one of the most dangerous forms of cybercrime. Because of the relatively low-level entry and no matter the security level the biggest flaw remains human error.

Today phishing scams have reached unprecedented levels — according to The Anti-Phishing Working Group (APWG) — there were nearly 600,000 unique phishing scams in the first half of 2017. It is believed that phishing now counts for 90 to 95 percent of all successful cyber-attacks worldwide. 

The thing is that our current cybersecurity systems are still failing to stop a threat that has been around for more than 20 years. Scammers are using the same techniques as they did in the 90s, but now with new technologies. Malicious emails and links continue to sneak through spam-filters, firewalls, and other security measures.

To this day there is not a single real solution to phishing, other than awareness.

That being said. People need to know what is out there. They need to experience a phishing scam first-hand and learn how to spot the red flags to protect themselves.

The Slippery Phish Project was created to raise awareness about phishing techniques. For the people, by the people. 

The real question remains: Who is the Slippery Phish? Is it you or the scammer?

TSPP manifesto
Go phishing
Keep it ethical


Share a screenshot of your phish with us, and we can post it on our social platforms. Together we can spread the word and educate society into a state of cyber-awareness!

By sending the simulated phishing links, you agree to the terms of this project and indeed do not intend to do any harm to others.

Here are a few slippery phishes.



How to phish: Right click. Copy the link. Send in a message. Bait and wait.
dropbox login // with green lock
facebook login // WITH GREEN LOCK
marktplaats login // WITHout GREEN LOCK
Willem de Kooning academy // .ML spoof

Stay slippery.

Opt-in to stay informed