Social Engineering Indicators

Social Engineering Indicators (SEI) Guide

KnowBe4's Social Engineering Indicators (SEI) feature allows every simulated phishing email you send to become a point-of-failure training exercise. It shows your users exactly what Social Engineering Indicators, or red flags, they overlooked when they clicked on a simulated phishing email.

Note: SEI is only available to Platinum and Diamond subscription levels.

Why Should I Use SEI?

SEI reinforces your cybersecurity awareness training efforts by answering the common question from users, "How do I know emails are phishing emails?" The point-of-failure feedback they receive does not include vague, generalized tips. Instead, they see the exact phishing test email they clicked on, with the details that should have raised a red flag pointed out. This feature enhances and strengthens your security awareness training program.

How Does it Work?

Once you set up a phishing test with one of our built-in SEI landing pages, a user who fails the test by clicking a link or opening an attachment is taken to the landing page, which displays exactly which red flags should have made them suspicious.

Sample of SEI Landing Page

Our phishing templates are pre-loaded with red flags to get you started on dynamically training your users through this method.

To preview the red flags on our templates, click on Phishing > Email Templates > System Templates, then click any category to see what templates are in that category. Click the preview button to the right of the template, as shown below:

Previewing System Templates

 

Next, click Toggle Red Flags on the top right of the email template preview to view what Social Engineering Indicators are marked on that particular template. The text of the SEI red flag will appear when you hover over the flagged elements of the email.

Template Preview: Toggle Red Flags

How Do I Set up a Phishing Campaign Using SEI?

Set up a Phishing Campaign as you normally would and select our built-in SEI landing page as the landing page for that campaign. Alternatively, you can make your own SEI landing page. To learn how to create your own SEI landing page, see How Do I Add the SEI Template Placeholder to Another Landing Page?

Choose what categories you'd like to use in the campaign, as well as any other settings you prefer for your test. If you're selecting your own categories of templates rather than our built-in templates, be sure that your templates contain red flags.

 Selecting the SEI Landing Page

 

Can I Use SEI With Any Phishing Template or Landing Page?

Yes! Our phishing templates are pre-loaded with red flags to get you started quickly and easily. You can alter our existing red flags however you wish, but keep in mind that after you make changes to a System Template, the template will be saved as a new template under the My Templates area.

You can choose an SEI landing page from within the template editor or when you set up the phishing campaign. Choosing the SEI landing page when you set up the phishing campaign is recommended.

For landing pages, we've included SEI landing pages to get you started, but you can easily make your own or edit our other landing pages to include the SEI template placeholder. See: How Do I Add the SEI Template Placeholder to Another Landing Page?

How Do I Add Red Flags to Templates?

You'll want to navigate to the template you'd like to edit under Phishing > Email Templates. Simply click on the title of the template to open the template editor.

You'll notice the option "add a red flag" around the elements of the template. Simply click "add a red flag" to add or edit the red flag. For example, in the LinkedIn template below, an alternative red flag could say "The sender email is coming from our domain, rather than LinkedIn."

You can also add red flags to any text, links, or images in the body of the email. To do so, select the text, link, or image and then click the Red Flag button on the menu bar. Enter the text for the red flag as you wish, then click OK.

Example of a Red Flag on Sender Email and Text Within Email Body

 

 Example of a Red Flag on a Link and a Generic Red Flag

  

If you'd like the red flag to be an overall red flag for the whole email template, click the Red Flag button, enter the red flag text, and then select the Generic Flag checkbox.

An example generic red flag for the above template could be "This LinkedIn email is vague. If you hover over the link, you will see it doesn't take you to the LinkedIn website. Think before you click!"

Once you save your template, you can find it under the Email Templates > My Templates area. Click the eyeball icon to Preview the template, as well as the red flags you created.

Previewing Your Template

 

Click "Toggle Red Flags" to Preview Red Flags

 

 Hover Over Flagged Items to See SEI Text

 

Can I Manually Add a Red Flag Using HTML?

Yes, you can manually add red flags within the body of the phishing template.

To do so, open the template editor for the template you'd like to edit, and click the Source button in the menu bar of the editor. Find where you'd like to enter the red flag.

If you want to mark a red flag on a particular line of text, image, or link, wrap the item to be flagged in the following code:

<x-sei title="Here is the text of the red flag.">Here is the text, image or link you'd like to mark as a red flag.</x-sei>

If you would like to mark a Generic Flag on the template (an overall explanation of why the user should have been concerned about clicking the links in the email), you can do so with the following code:

<x-sei generic="true" title="Here is where you can place Generic Flag text, to let the users know why they should have known the email was potentially dangerous."></x-sei>
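
A pre-launch check for the manual markup described above, as an added example (not KnowBe4 code): it parses a template body, lists the red flags and generic flags it finds, and reports links or images that sit outside any <x-sei> element. It assumes a flag wraps the element it marks, as in the snippet above; the sample template, its example.test URLs, and the names SEIAudit and audit_template are constructed for illustration.

```python
from html.parser import HTMLParser


class SEIAudit(HTMLParser):
    """Collect <x-sei> red flags and note links/images outside any flag."""

    def __init__(self):
        super().__init__()
        self.depth = 0       # greater than 0 while inside an <x-sei> element
        self.flags = []      # (title text, is_generic) for each <x-sei>
        self.unflagged = []  # href/src of links and images outside any flag

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "x-sei":
            generic = (a.get("generic") or "").lower() == "true"
            self.flags.append(((a.get("title") or "").strip(), generic))
            self.depth += 1
        elif tag in ("a", "img") and self.depth == 0:
            self.unflagged.append(a.get("href") or a.get("src") or tag)

    def handle_endtag(self, tag):
        if tag == "x-sei" and self.depth:
            self.depth -= 1


def audit_template(html):
    """Report the red flags in a template body and what is left unflagged."""
    p = SEIAudit()
    p.feed(html)
    p.close()
    return {
        "flags": [t for t, g in p.flags if not g],
        "generic": [t for t, g in p.flags if g],
        "empty_titles": sum(1 for t, _ in p.flags if not t),
        "unflagged": p.unflagged,
    }


# Constructed sample template body (not a KnowBe4 system template).
SAMPLE = """\
<x-sei generic="true" title="This email is vague. Think before you click!"></x-sei>
<p><x-sei title="Ambiguous salutation.">Dear user,</x-sei></p>
<p><x-sei title="Hover over the link. Link is taking you to a different address than what is shown."><a href="http://example.test/login">View request</a></x-sei></p>
<p><a href="http://example.test/unsubscribe">Unsubscribe</a></p>
"""

if __name__ == "__main__":
    print(audit_template(SAMPLE))
```

An empty "flags" and "generic" result means the template has no red flags to show on an SEI landing page; entries under "unflagged" are candidates to review for an additional flag.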

How Do I Add the SEI Template Placeholder to Another Landing Page?

In your landing page editor, there is a drop-down called SEI Placeholders. Click this drop-down and add Red flag indicators to add the placeholder. Wherever you add the placeholder is where the SEI-flagged template will appear. You can also type the placeholder [[template_sei]] anywhere on the landing page if that is easier.

Important: To avoid display issues with SEI placeholders on your landing pages, we recommend using simple HTML code that does not include scripts. As a security measure, the What You See is What You Get (WYSIWYG) editor does not allow you to save certain code or scripts.

You can edit one of our existing landing pages, or create your own from scratch. 

  Landing Page Editor

Once the landing page is finalized, simply click Save. The landing page will be saved under the Phishing > Landing Pages > My Landing Pages area of your console and will need to be placed within a category in order to be utilized.

Where Can I Get a List of Red Flags to Use?

If you'd like, you can use any of our 22 red flags to get started on marking up your templates, or you are free to create your own. Ours are listed below:

SENDER

  1. Were you expecting an email from this sender?
     Explanation: The email came from a sender that was outside of your organization.
  2. Do you know this sender?
     Explanation: The email came from a sender that you don't know and is not recognized by anybody in your organization.
  3. Sender email address is from your organization but could be spoofed.
     Explanation: The sender's email address comes from your organization, a customer, vendor, or partner but is unusual and out of that person's character.
  4. Email domain is strange or suspicious.
     Explanation: You don't recognize the sender's email address and the domain is strange and unusual.
  5. Email domain is spoofing a popular website or well-known organization.
     Explanation: The email domain is a weird variation of a popular website or a well-known organization.
  6. Email domain is a misspelling of a popular website or well-known organization.
     Explanation: The email domain is misspelled.

SUBJECT

  1. Subject line is irrelevant or doesn’t match the content of the email.
     Explanation: The email has a subject line that does not match the actual content of the email.
  2. Subject line shows a “reply” to something you never sent or requested.
     Explanation: The email is a reply to an email that was never requested by you.
  3. Subject line shows the message was forwarded to you, but content doesn’t apply to you.
     Explanation: The email was forwarded to you but the content does not align with your job responsibilities.

CONTENT

  1. Ambiguous salutation. (Example: “Dear user”)
     Explanation: A generic greeting such as All, Dear Sir/Madam, To whom it may concern.
  2. Tells you to click a link or open an attachment.
     Explanation: The email is telling you to click a link or open an attachment that seems unusual.
  3. Warns of negative consequence if you don’t complete request.
     Explanation: The email tells you that there will be a negative consequence that happens if you do not click the link or open an attachment.
  4. Prompts you to complete a request to gain something of value.
     Explanation: The email tells you that you can win something of value if you click a link or open an attachment.
  5. Spelling/grammar errors.
     Explanation: Are there obvious spelling and grammar errors in the email?
  6. Sense of urgency. (Example: “Do this now!”)
     Explanation: The email tells you that you only have a certain amount of time to complete the action.
  7. Do you normally receive this kind of email at work?
     Explanation: The email is unusual and not something that you normally receive at work.
  8. Shocking content to entice you to click a link or open an attachment.
     Explanation: The email is using shocking information to get you to click a link or open an attachment.
  9. Aggressive content to scare you into clicking a link or opening an attachment.
     Explanation: The email is using aggressive language, and content, to scare you into clicking a link or opening an attachment.

ATTACHMENTS

  1. Attachment is strange or has an enticing title that makes you want to open it.
     Explanation: The email included an attachment that has an intriguing title or is unnecessary for the content of the email.
  2. Attachment has a possibly dangerous file extension.
     Explanation: The email included an attachment that has a potentially dangerous file extension.

LINKS

  1. Hover over the link. Link is taking you to a different address than what is shown.
     Explanation: The link is showing a different address than the one that is shown in the email.
  2. Hover over the link. Link does not take you to the site the email content says it will.
     Explanation: The link is showing a different website than the one that is shown in the email.
