Social Engineering Indicators (SEI):
Point of Failure Training for Your Users
KnowBe4's Social Engineering Indicators (SEI) feature allows every simulated phishing email you send to become a point-of-failure training exercise. It shows your user exactly what social engineering indicators, or red flags, they overlooked when they clicked on a simulated phishing email.
Note: SEI is only available to Platinum and Diamond subscription levels.
- Why Should I Use SEI?
- How Does it Work?
- How Do I Set up a Phishing Campaign Using SEI?
- Can I Use SEI with Any Phishing Template or Landing Page?
- How Do I Tag a Template with Red Flags?
- Can I Manually Add a Red Flag Using HTML?
- How Do I Add Red Flags to Templates?
- How Do I Add the SEI Template Placeholder to Another Landing Page?
- Where Can I Get a List of Red Flags to Use?
Why Should I Use SEI?
SEI reinforces your cyber security awareness training efforts by answering the common question from users "How do I know emails are phishing emails?" The point-of-failure feedback they receive does not include vague, generalized tips. What they will see instead is the exact phishing test email they clicked on, pointing out the details that should have raised a red flag for them. This feature enhances and strengthens your security awareness training program.
How Does it Work?
Once you set up a phishing test with one of our built-in SEI landing pages, and your user fails that phishing test by clicking one of the links, they will be taken to the landing page, which will display exactly what red flags should have caused them to be suspicious.
Sample of SEI Landing Page
Our phishing templates are pre-loaded with red flags already to get you started on dynamically training your users through this method. (English and Spanish language templates only, currently).
To preview the red flags on our templates, click on Phishing-->Email Templates-->System Templates, then click any category to see what templates are in that category. Click the preview button to the right of the template, as shown below:
Previewing System Templates
Next, click Toggle Red Flags on the top right of the email template preview to view what social engineering indicators are marked on that particular template.The text of the SEI red flag will appear when you hover over the flagged elements of the email.
Template Preview: Toggle Red Flags
How Do I Set up a Phishing Campaign Using SEI?
Simply set up a Phishing Campaign as you normally would and select our built-in SEI landing page as the landing page for that campaign. (Alternatively, you can easily make your own SEI landing page to use. See: How Do I Add the SEI Template Placeholder to Another Landing Page?)
Choose what categories you'd like to use in the campaign, as well as any other settings you prefer for your test. If you're selecting your own categories of templates rather than our built-in templates, be sure that your templates contain red flags.
Selecting the SEI Landing Page
Can I Use SEI With Any Phishing Template or Landing Page?
Yes! Our phishing templates are pre-loaded with red flags already to get you started quickly and easily. However, you can alter our existing red flags however you wish (upon saving changes to the System Template, the template will be saved as a new template under the My Templates area).
You can choose an SEI landing page at the template level (from within the template editor of a single template) or at the phishing campaign level (when you set up the phishing campaign). Choosing the SEI landing page at the phishing campaign level is recommended.
For landing pages, we've included SEI landing pages to get you started, but you can easily make your own or edit our other landing pages to include the SEI template placeholder. See: How Do I Add the SEI Template Placeholder to Another Landing Page?
How Do I Add Red Flags to Templates?
You'll want to navigate to the template you'd like to edit under Phishing-->Email Templates. Simply click on the title of the template to open the template editor.
You'll notice the option "add a red flag" around the elements of the template. Simply click on "add a red flag" to add or edit the red flag. For example, in the LinkedIn template below, an alternative red flag could say "The sender email is coming from our domain, rather than LinkedIn".
You can also add red flags to any text, links, or images in the body of the email. To do so, select the text, link, or image and then click the Red Flag button on the menu bar. Enter the text for the red flag as you wish, then click OK.
Example of a Red Flag on Sender Email and Text Within Email Body
Example of a Red Flag on a Link and a Generic Red Flag
If you'd like the red flag to be an overall red flag for the whole email template, click the Red Flag button and enter the red flag text, then click the Generic Flag checkbox on.
An example generic red flag for the above template could be "This LinkedIn email is vague. If you hover over the link, you will see it doesn't take you to the LinkedIn website. Think before you click!"
Once you save your template, you can find it under the Email Templates-->My Templates area. Click the eyeball to Preview the template, as well as the red flags you created.
Previewing Your Template
Click "Toggle Red Flags" to Preview Red Flags
Hover Over Flagged Items to See SEI Text
Can I Manually Add a Red Flag Using HTML?
Yes, you can manually add red flags within the body of the phishing template.
To do so, open the template editor for the template you'd like to edit, and click the Source button in the menu bar of the editor. Find where you'd like to enter the red flag.
If you want to mark a red flag on a particular line of text, image, or link, you'll want to contain the item to be flagged within the following code:
<x-sei title="Here is the text of the red flag.">Here is the text, image or link you'd like to mark as a red flag.</x-sei>
If you would like to mark a Generic Flag on the template (an overall explanation of why the user should have been concerned about clicking the links in the email), you can do so with the following code:
<x-sei generic="true" title="Here is where you can place Generic Flag text, to let the users know why they should have known the email was potentially dangerous."></x-sei>
How Do I Add the SEI Template Placeholder to Another Landing Page?
In your landing page editor, there is a dropdown called SEI Placeholders. Simply click this dropdown and add "Red flag indicators" to add the placeholder. Wherever you add the placeholder is where the SEI-flagged template will appear. You can also type the placeholder [[template_sei]] anywhere on the landing page if that is easier.
You can edit one of our existing landing pages, or create your own from scratch.
Landing Page Editor
Once the landing page is finalized, simply click Save. The landing page will be saved under the Phishing-->Landing Pages-->My Landing Pages area of your console and will need to be placed within a category in order to be utilized.
Where Can I Get a List of Red Flags to Use?
If you'd like, you can use any of our 22 red flags to get started on marking up your templates, or you are free to create your own. Ours are listed below:
- Were you expecting an email from this sender?
- Do you know this sender?
- Sender email address is from your organization, but could be spoofed.
- Email domain is strange or suspicious.
- Email domain is spoofing a popular website or well-known organization.
- Email domain is a misspelling of a popular website or well-known organization.
- Subject line is irrelevant or doesn’t match content of email.
- Subject line shows a “reply” to something you never sent or requested.
- Subject line shows the message was forwarded to you, but content doesn’t apply to you.
- Ambiguous salutation.
- Tells you to click a link or open an attachment.
- Warns of negative consequence if you don’t complete request.
- Prompts you to complete request to gain something of value.
- Spelling/grammar errors.
- Sense of urgency.
- Do you normally receive this kind of email at work?
- Shocking content to entice you to click link or open attachment.
- Aggressive content to scare you into clicking link or opening attachment.
- Attachment is strange or has enticing title that makes you want to open it.
- Attachment has a possibly dangerous file extension.
- Hover over the link. Link is taking you to a different address than what is shown.
- Hover over the link. Link does not take you to the site the email content says it will.