Creating a Clone Phishing Test
Clone phishing is a type of phishing attack in which cybercriminals send a follow-up to a legitimate email that a trusted sender previously sent. In the follow-up email, the cybercriminals claim that the sender forgot to include a link or attachment in the original email. However, the follow-up email isn’t from the original sender but from a cybercriminal, and the link or attachment is malicious.
To help your users learn about this type of attack, you can create a clone phishing test. You can use your PhishER platform and KMSAT console together to mimic clone phishing attacks.
Create a Phishing Template with PhishER
We recommend creating a clone phishing template by using a real email that your users have reported. Using a real reported email can make the follow-up email seem more legitimate and can help your users understand how cybercriminals might use this type of attack.
To create a phishing template with PhishER, follow the steps below:
- In your PhishER platform, navigate to the Inbox page.
- Select the check box next to the message you want to use to create your clone phishing template.
Tip: If you find an email that is in your email inbox but not in your PhishER Inbox, report the email using the Phish Alert Button (PAB) or send the EML file to one of your PhishER reporting addresses. The email will be sent to PhishER, where you will be able to use PhishFlip to create a phishing template.
- Click the Run drop-down menu at the top-left corner of the page.
- Select the Create KMSAT Template option. This option removes all the malicious links and attachments from the original email. The resulting template is then added to the PhishFlip category under the My Templates section in your KMSAT console.
Tip: You can also create a KMSAT template on the Message Details page or the Actions tab. For more information, see our How to Use PhishFlip article.
Create a Clone Phishing Template with KMSAT
Once you’ve created your PhishFlip template with PhishER, you will need to edit the template to include the follow-up message.
To convert the template into a clone phishing template, follow the steps below:
- From your KMSAT console, navigate to Phishing > Email Templates.
- From My Templates, select the PhishFlip category.
- Click the name of the template you would like to convert into a clone phishing template.
- In the text box, enter additional text above the original email to make the template look like a follow-up email. For example, you can include the name of the sender who originally replied, the time and date stamp, and a subject line to make it seem like you replied to the original email.
- Add a link or an attachment to the template. This step will help you track whether your users would fall for this type of attack.
- We recommend adding Social Engineering Indicators (SEIs) to ensure your users understand what signs indicate a clone phishing attack. For more information on adding SEIs, see the How Do I Add Red Flags to Templates? section of our Social Engineering Indicators (SEIs) article.
- Once you are satisfied with your template, click Save.
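The red flags you mark with SEIs in a clone phishing template are the same signals a mail filter or analyst can check for. The following Python script is an added example, not code from KnowBe4 or from the PhishER or KMSAT products: it compares a constructed original message with a constructed "follow-up" and reports the clone phishing indicators it finds. The indicator names, the pretext word list and the lookalike domain in the sample are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed sample: the legitimate original message in a hypothetical thread.
ORIGINAL_EML = """From: Dana Reyes <dana.reyes@example.com>
To: team@example.com
Subject: Q3 vendor report
Message-ID: <orig-001@example.com>
Date: Mon, 01 Jul 2024 09:00:00 +0000

Hi team, the Q3 vendor report is attached. Thanks, Dana
"""

# Constructed sample: a "follow-up" that threads onto the original but is sent
# from a lookalike domain (examp1e.com) and uses the "forgot the link" pretext.
FOLLOWUP_EML = """From: Dana Reyes <dana.reyes@examp1e.com>
Reply-To: dana.reyes@examp1e.com
To: team@example.com
Subject: RE: Q3 vendor report
In-Reply-To: <orig-001@example.com>
References: <orig-001@example.com>
Date: Mon, 01 Jul 2024 09:45:00 +0000

Sorry, forgot the link in my last email: http://examp1e.com/report
"""

# Constructed sample: a genuine follow-up from the real sender, for comparison.
BENIGN_FOLLOWUP_EML = """From: Dana Reyes <dana.reyes@example.com>
To: team@example.com
Subject: RE: Q3 vendor report
In-Reply-To: <orig-001@example.com>
Date: Mon, 01 Jul 2024 09:50:00 +0000

Here is the Q3 report link as well: http://example.com/report
"""

# Assumed pretext phrasing for the "forgot the link/attachment" claim.
PRETEXT_RE = re.compile(
    r"\b(forgot|forgotten|missed|left out|omitted)\b.*\b(link|attachment|file|document)\b",
    re.I | re.S,
)
URL_RE = re.compile(r"https?://\S+", re.I)


def _domain(addr_header):
    """Return the lower-cased domain of an address header value ('' if none)."""
    _, addr = parseaddr(addr_header or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def clone_phish_indicators(original_eml, followup_eml):
    """Return the list of clone phishing indicators found in the follow-up."""
    orig = message_from_string(original_eml, policy=default)
    follow = message_from_string(followup_eml, policy=default)
    indicators = []

    orig_name, orig_addr = parseaddr(orig["From"] or "")
    fu_name, fu_addr = parseaddr(follow["From"] or "")

    # 1. The follow-up threads itself onto the original message.
    refs = f"{follow.get('In-Reply-To', '')} {follow.get('References', '')}"
    if orig["Message-ID"] and orig["Message-ID"] in refs:
        indicators.append("threads_onto_original")

    # 2. Same display name as the original sender, but a different domain.
    if orig_name and orig_name.lower() == fu_name.lower() and _domain(orig_addr) != _domain(fu_addr):
        indicators.append("display_name_reused_from_other_domain")

    # 3. Reply-To steers replies to a domain other than the From domain.
    if follow["Reply-To"] and _domain(follow["Reply-To"]) != _domain(fu_addr):
        indicators.append("reply_to_domain_mismatch")

    # 4. "Forgot the link/attachment" pretext together with a link or attachment.
    body = follow.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    has_payload = bool(URL_RE.search(text)) or any(
        p.get_filename() for p in follow.iter_attachments()
    )
    if PRETEXT_RE.search(text) and has_payload:
        indicators.append("forgot_attachment_pretext_with_payload")

    return indicators


def looks_like_clone_phish(original_eml, followup_eml):
    """A follow-up is flagged when it threads onto the original and shows at least one other indicator."""
    found = clone_phish_indicators(original_eml, followup_eml)
    return "threads_onto_original" in found and len(found) >= 2


if __name__ == "__main__":
    print(clone_phish_indicators(ORIGINAL_EML, FOLLOWUP_EML))
    print(looks_like_clone_phish(ORIGINAL_EML, BENIGN_FOLLOWUP_EML))
```

Threading onto the original is not suspicious on its own (the benign sample does it too); it is the combination with a reused display name on a different domain, a mismatched Reply-To, or the "forgot the attachment" pretext that marks a clone. Those combinations are what the SEIs in your template should point your users at.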
For more information about editing a phishing template, see the Creating and Editing Phishing Email Templates section of our How to Create and Edit Email Templates and Landing Pages article.
Create a Clone Phishing Campaign with KMSAT
Once you’ve created your clone phishing template, you’re ready to create a campaign to test your users.
To create a clone phishing campaign, follow the steps below:
- From your KMSAT console, navigate to the Phishing tab.
- Click + Create Phishing Campaign.
- Enter a name for your campaign, such as “Clone Phishing Campaign”.
- Select the group of users you want to test, or choose to test all your users. We recommend sending this campaign to the users who received the original email.
- For Frequency, select One-time.
- Set the Start Time and Sending Period you would like to use.
- Under Template Categories, click the first drop-down menu and select the PhishFlip category.
- From the second drop-down menu, select the template you edited in the section above.
- Fill out the rest of the fields to customize your campaign.
- Click Create Campaign.
Your users will receive a simulated clone phishing test once the campaign starts. You can then monitor the campaign results to see how vulnerable your users are to clone phishing attacks.
For more information about creating a phishing campaign, see our Creating and Managing Phishing Campaigns article. For information on monitoring a phishing campaign, see our How to Monitor and Review Phishing Campaigns article.