Phishing for Sensitive Information
You can send phishing emails with a link to a customized landing page that prompts your users to enter sensitive information. We provide built-in templates that include a data entry landing page or you can create your own data entry landing page to phish your users for sensitive information.
Important:
We don't record any data entered by the user. No data is stored on our servers (including logs) as long as the form field names follow a strict naming convention. For the form field names, you must use one of the following:
password, password_confirmation, old_password, credit_card, ssn, social_security_number, domain_name, uname, number, verification_value, brand.
How Does it Work?
When phishing for sensitive information, if a user clicks on a link in an email, they will be redirected to a customized landing page with a form that asks the user to enter sensitive data. When the user submits the form, they will be redirected to a secondary landing page. The secondary landing page will tell the user that they failed the simulated phishing test or it will redirect to another page. We will track if the user clicks on the phishing link and whether or not the user entered data. This information is compiled into a report that can be viewed or exported from the Phishing Security Test reports.
Using Built-In Email Templates
We have two email template categories that use customized landing pages that prompt the user to enter sensitive data. When you create a new phishing campaign, under the Categories drop-down, you can find our Phishing for Sensitive Information and Data Breach categories. You can choose a specific email template from either category or you can select our Full Random or Random option.
Creating a Data Entry Landing Page
If you would like to create your own data entry landing page, follow the steps in each section listed below:
Creating a Landing Page Form
You can add a data entry form to a landing page by following the steps below:
- Navigate to Phishing > Landing Pages > +New Landing Page or click on the title of an existing landing page.
- In the top-left of the WYSIWYG editor, click on Source.
- In the source code, add the code for your form. Below is the code for an example form:
<form action="https://www.yourdomain.com" id="loginform" method="post" name="loginform"><input name="username" placeholder="Email Address" required="" type="text" /><br />
<input id="password" name="password" placeholder="Password" required="" type="password" /><br />
<input type="submit" value="Login" />
</form> - To ensure all submitted data is obfuscated correctly, add the following script to the source code:
<script>
jQuery(function($) { $('#loginform').submit(function() {
var txt = $('#password');
txt.val("*******");
}); function display(msg) {
$('<p/>').html(msg).appendTo(document.body);
}
});
</script>Warning
For the script to work properly, the name and ID for the login form and password input field must match the ID used in the script function. In the code examples above, the name and ID for the login form are highlighted in red while the name and ID for the password input field are highlighted in blue.
Adding a Secondary Landing Page (optional)
This is the page where the user will be redirected after the data from the form is submitted. You can add a secondary landing page by including the page's URL in the form action tag.
<form action="https://www.yourdomain.com" id="loginform" method="post" name="loginform"><input
name="username" placeholder="Email Address" required="" type="text" /><br
/>
<input id="password" name="password" placeholder="Password" required="" type="password"
/><br />
<input type="submit" value="Login" />
</form>
This landing page can be any web page, including another landing page created in your account, or you can use one of our standard landing pages.
Choosing an Email Template
When choosing an email template for your users, be sure to select an email template that includes at least one link in the email body. In the console, all email templates that include a link will have the (Link) tag in the template name.
At the bottom of the email template, select your landing page from the Landing Page drop-down.
Remember:
You should always send a test campaign to yourself or a limited number of users before sending it to a larger group. This ensures that everything looks and works the way you're expecting it to.
Comments
0 comments
Article is closed for comments.