FAQs and Troubleshooting

Phishing Campaign Attachments Overview

Using your KnowBe4 console, you can test your users with many different attack vectors. One of the ways you can test your users is to add attachments to your phishing tests to see whether or not your users will open them.

If you don't want your users to be tested with phishing emails that include attachments, you can disable any attachment attack vectors from the Phishing section of the Account Settings page. See this article to learn more. 

A list of all our attachment types, the different failures they record, and a brief description of what your users will experience is shown below:

Note: While these attachments can be renamed, the contents of the attachments can't be customized. 
Attachment Type File Extension Failure Types Recorded User Experience
Word Document .docx Attachment Opened, Clicked The file will contain a prompt for the user to click a link in order to view the document.
Word Document with Macro .doc, .docm Attachment Opened, Macros Enabled, Clicked

The file will prompt the user to enable macros to view the content of the file. If they enable macros, they will be taken to the landing page selected on the phishing campaign or template. The macros are beaconized to "call home" to our servers in order to track that macros were enabled. The file will also prompt the user to click a link. If the user clicks the link, they will also be taken to the selected landing page.

The .docm version can be used if the .doc version is causing an additional warning prompt for your users.

PowerPoint Document .pptx Attachment Opened The file will contain steps for the user to follow to view the PowerPoint presentation. This attachment will not take the user to a landing page.
PowerPoint Document with Macro .pps Attachment Opened, Macros Enabled If the user clicks on content in the file, they will be prompted a second time to enable macros to view content. If they enable macros, they will be taken to the landing page selected on the phishing campaign or template. The macros are beaconized to "call home" to our servers in order to track that macros were enabled. 
Excel Document .xlsx Attachment Opened, Clicked The file will contain a prompt for the user to click a link in order to view the document. If they click the link, they'll be taken to the landing page selected on the phishing campaign or template.
Excel Document with Macro .xls, .xlsm Attachment Opened, Macros Enabled, Clicked

The file will prompt the user to enable macros to view the content of the file. If they enable macros, they will be taken to the landing page selected on the phishing campaign or template. The macros are beaconized to "call home" to our servers in order to track that macros were enabled. The file will also prompt the user to click a link. If the user clicks the link, they will also be taken to the selected landing page.

The .xlsm version can be used if the .xls version is causing an additional warning prompt for your users.

PDF .pdf Attachment Opened, Clicked Initially, the file will prompt the user to allow a connection request. If allowed by the user, the attachment will be tracked as opened. Once opened, the file will contain a prompt for the user to click a link in order to view the document. If they click the link, they'll be taken to the landing page selected on the phishing campaign or template.
Zipped Word Document .zip Attachment Opened, Clicked After the file is unzipped and opened, the user will be prompted to click a link in order to view the document. If they click the link, they'll be taken to the landing page selected on the phishing campaign or template.
Zipped Word Document with Macro .zip Attachment Opened, Macros Enabled, Clicked After the file is unzipped and opened, the user will be prompted to enable macros to view the content of the file. If they enable macros, they will be taken to the landing page selected on the phishing campaign or template. The macros are beaconized to "call home" to our servers in order to track that macros were enabled. The file will also prompt the user to click a link. If the user clicks the link, they will also be taken to the selected landing page.
Zipped PowerPoint Document .zip Attachment Opened After the file is unzipped and opened, the user will be presented with steps to view the PowerPoint presentation. This attachment will not take the user to a landing page.
Zipped PowerPoint Document with Macro .zip Attachment Opened After the file is unzipped and opened, the user will be prompted to enable macros to view the content of the file. If they enable macros, they will be taken to the landing page selected on the phishing campaign or template. The macros are beaconized to "call home" to our servers in order to track that macros were enabled.
Zipped Excel Document .zip Attachment Opened, Clicked After the file is unzipped and opened, the user will be prompted to click a link in order to view the document. If they click the link, they'll be taken to the landing page selected on the phishing campaign or template.
Zipped Excel Document with Macro .zip Attachment Opened, Macros Enabled, Clicked After the file is unzipped and opened, the user will be prompted to enable macros to view the content of the file. If they enable macros, they will be taken to the landing page selected on the phishing campaign or template. The macros are beaconized to "call home" to our servers in order to track that macros were enabled. The file will also prompt the user to click a link. If the user clicks the link, they will also be taken to the selected landing page.
Zipped PDF .zip Attachment Opened, Clicked After the file is unzipped and opened, the user will be prompted to click a link in order to view the document. If they click the link, they'll be taken to the landing page selected on the phishing campaign or template.
HTML File .html Attachment Opened, Clicked After the file is downloaded and opened, the user will see a short line of text before the page automatically redirects to the landing page selected on the phishing campaign or template. 
HTML File with Link .html Attachment Opened, Clicked After the file is downloaded and opened, the user will be prompted to click a link. If the user clicks the link, they'll be taken to the landing page selected on the phishing campaign or template.
Note: If a user opens an Office attachment but does not “enable editing”, the attachment may not track as being opened. If a user is previewing or viewing an attachment outside of its native program, this may not be tracked as an attachment open. However, if the user clicks on the link within the attachment, you may see a “click” failure. Visit our Why are my attachments not showing as open article for more information.

Can't find what you're looking for?

Contact Support