Choosing a Landing Page for Your Phishing Campaign
Using landing pages, you have the ability to influence your users’ reaction to a phishing test. Below are the three most common methods of choosing a landing page, including the rationale for each. Choose the best landing page for your organization.
- A page that lets the user know they failed a test, for example, our default “Oops, you clicked on a phishing link” landing page, or our SEI (Social Engineering Indicators) Landing Page. If a phishing test is set to go to everyone all at once (such as on your baseline test), one consequence of using this standard page is that users may start to warn each other about the phishing test taking place. The benefit is that because the page contains an explanation of what took place, Help Desk may receive fewer calls or questions.
- A 404 or similar “nothing happened” page. This type of page will lessen the likelihood that users will warn each other about the test, but may cause more Help Desk calls (“Help Desk, I think the link you sent me is broken”). Because you have full customization ability of your landing pages, you could create a simple page that says “Please disregard the message from IT. The security event has been addressed,” or another relevant message that would calm any concerns the user may have upon clicking the link.
- A fake authentication page for a commonly-used login portal (such as Gmail or Office 365) that is set to redirect the user to the real portal upon submission. We have these ready-made and available in the console for you. This is the most sophisticated approach and it gives two layers of results: those who clicked the phishing links, and those who entered their login credentials after clicking on the links. And because in many cases the user will be redirected to the actual portal in the end, they may never know anything happened.
Remember, you can create your own Landing Page from scratch, or use one of our many built-in pages located under Phishing > Landing Pages > System Landing Pages.