Menu English (US) Čeština Dansk Deutsch Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 日本語 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Português (Portugal) Română Русский svenska ไทย Türkçe Українська Tiếng Việt 简体中文 繁體中文

How to Create a Clone Phishing Test

Updated:

Created:

Creating a Clone Phishing Test

Clone phishing is a type of phishing attack where cybercriminals send a follow-up email to a legitimate email from a trusted sender. In this email, the cybercriminals claim that the sender forgot to include a link or attachment in the original email. However, the follow-up email isn’t from the original sender but is actually from a cybercriminal, and the link or attachment is malicious.

Without knowing what to look for, your users may fall for this type of attack. However, you can train your users how to identify this type of attack by creating a clone phishing test. You can use your PhishER and KMSAT platforms together to mimic clone phishing attacks.

Jump to:

Create a Phishing Template with PhishER

Create a Clone Phishing Template with KMSAT

Create a Clone Phishing Campaign in KMSAT

 

Create a Phishing Template with PhishER

We recommend creating a clone phishing template by using a real email that your users have reported. Using a reported email your users might have seen can make the follow-up email seem more legitimate and can help your users understand how cybercriminals might use this type of attack.

To create a phishing template with PhishER, follow the steps below:

  1. In your PhishER platform, navigate to PhishER > Inbox.
  2. Select the check box next to the message you want to use to create your clone phishing template.
    Tip: If you find a template that is in your inbox but not in your PhishER inbox, report the email using the Phish Alert button or send the EML file to one of your PhishER reporting addresses. The email will be sent to PhishER, where you will be able to use PhishFlip to create a phishing template.
  3. Click the Run drop-down menu at the top-left corner of the page.
  4. Select the Create KMSAT Template option. This option will remove all the malicious links and attachments from the original template. Then, this template will be added to the PhishFlip category under the My Templates category in your KMSAT console.
    Tip: You can also create a KMSAT template on the Message Details page or the Actions tab. For more information, see our PhishFlip article.

Back to top

 

Create a Clone Phishing Template with KMSAT

Once you’ve created your PhishFlip template with PhishER, you will need to edit the template to include the follow-up message.

To convert the template into a clone phishing template, follow the steps below:

  1. From your KMSAT console, navigate to Phishing > Email Templates.
  2. From My Templates, select the PhishFlip category.
  3. Click the name of the template you would like to convert into a clone phishing template.
  4. In the text box, enter additional text above the original message to make the template look like a follow-up to the original email. For example, you can include the name of the sender who originally replied, the time and date stamp, and a subject line to make it seem like you replied to the original email.

     Original Email

    Modified Email
  5. Add a link or an attachment to the template. This step will help you track whether your users would fall for this type of attack.
  6. We recommend adding social engineering indicators (SEIs) to ensure your users understand what signs indicate a clone phishing attack. For more information on adding SEIs, see the How to Add Red Flags to a Template section of our Social Engineering Indicators (SEIs) article.
  7. Once you are satisfied with your template, click Save.

For more information about editing a phishing template, see the Creating and Editing Email Templates section of our Customizing Emails and Landing Pages article.

Back to top

 

Create a Clone Phishing Campaign with KMSAT

Once you’ve created your clone phishing template, you’re ready to create a campaign to test your users.

To create a clone phishing campaign, follow the steps below:

  1. From your KMSAT console, navigate to the Phishing tab.
  2. Click + Create Phishing Campaign.
  3. Enter a name for your campaign, such as “Clone Phishing Campaign”.
  4. Select the group of users you want to test or if you want to test all your users. We recommend sending this campaign to the users who received the original email.
  5. Select One-time for the Frequency field.
  6. Set the Start Time and Sending Period you would like to use.
  7. Under Template Categories, click the first drop-down menu and select the PhishFlip category.
  8. From the second drop-down menu, select the template you edited in the section above.
  9. Fill out the rest of the fields to customize your campaign.
  10. Click Create Campaign.

Your users will receive a simulated clone phishing template once the campaign starts. You can then monitor the campaign results to see how vulnerable your users are to clone phishing attacks.

For more information about creating a phishing campaign, see our Creating and Managing Phishing Campaigns article. For information on monitoring a phishing campaign, see our How to Monitor and Review Phishing Campaigns article.

Back to top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles