Phishing for Sensitive Information

You can send phishing emails with a link to a customized landing page that prompts your users to enter sensitive information. We provide built-in templates that include a data entry landing page or you can create your own data entry landing page to phish your users for sensitive information.

How Does it Work?

When phishing for sensitive information, if a user clicks on a link in an email, they will be redirected to a customized landing page with a form that asks the user to enter sensitive data. When the user submits the form, they will be redirected to a secondary landing page. The secondary landing page will tell the user that they failed the simulated phishing test or it will redirect to another page. We will track if the user clicks on the phishing link and whether or not the user entered data. This information is compiled into a report that can be viewed or exported from the Phishing Security Test reports.

Using Built-In Email Templates

We have two email template categories that use customized landing pages that prompt the user to enter sensitive data. When you create a new phishing campaign, under the Categories drop-down, you can find our Phishing for Sensitive Information and Data Breach categories. You can choose a specific email template from either category or you can select our Full Random or Random option.

Creating a Data Entry Landing Page

If you would like to create your own data entry landing page, follow the steps in each section listed below:

1. Creating a Landing Page Form
2. Adding a Secondary Landing Page (optional)
3. Choosing an Email Template

Back to top

Creating a Landing Page Form

You can add a data entry form to a landing page by following the steps below:

1. Navigate to Phishing > Landing Pages > +New Landing Page or click on the title of an existing landing page.
2. In the top-left of the WYSIWYG editor, click on Source.
3. In the source code, add the code for your form. Below is the code for an example form:

   <form action="https://www.yourdomain.com" id="loginform" method="post" name="loginform"><input name="username" placeholder="Email Address" required="" type="text" /><br />
<input id="password" name="password" placeholder="Password" required="" type="password" /><br />
<input type="submit" value="Login" />
</form>

4. To ensure all submitted data is obfuscated correctly, add the following script to the source code:

   <script>
jQuery(function($) { $('#loginform').submit(function() {
var txt = $('#password');
txt.val("*******");
}); function display(msg) {
$('<p/>').html(msg).appendTo(document.body);
}
});
</script>

   Warning

   For the script to work properly, the name and ID for the login form and password input field must match the ID used in the script function. In the code examples above, the name and ID for the login form are highlighted in red while the name and ID for the password input field are highlighted in blue.

Back to top

Adding a Secondary Landing Page (optional)

This is the page where the user will be redirected after the data from the form is submitted. You can add a secondary landing page by including the page's URL in the form action tag.

<form action="https://www.yourdomain.com" id="loginform" method="post" name="loginform"><input name="username" placeholder="Email Address" required="" type="text" /><br />
<input id="password" name="password" placeholder="Password" required="" type="password" /><br />
<input type="submit" value="Login" />
</form>

This landing page can be any web page, including another landing page created in your account, or you can use one of our standard landing pages.

Back to top

Choosing an Email Template

When choosing an email template for your users, be sure to select an email template that includes at least one link in the email body. In the console, all email templates that include a link will have the (Link) tag in the template name.

At the bottom of the email template, select your landing page from the Choose the landing page for this template drop-down.

Back to top