How Do I Find the URL that Phishing Attachment Failures Report Back to?
If you are concerned that your web filter may be blocking phishing test attachment opens in your KnowBe4 console, you can test this by extracting the link contained within the attachment file. Follow the instructions indicated below based on the attachment type you'd like to analyze.
- Microsoft Office Files
- PDF Files
- HTML Files
1) Microsoft Office Files
- To find the phishing link in a Microsoft Office attachment, you will need to view the XML data for the attachment.
- Download the file in question. Change the file's extension to .zip.
- Open the .zip archive, and then the "Word" subfolder.
- Open the document.xml file in a text editor.
- Once you have opened the document.xml file, you'll see a string similar to the following:
INCLUDEPICTURE \d "http://online-banking.kb4.io/XcmVTjaXBpZWc50X2lkPTeMxMTQ0LaNjg5jNSZjYW1wYYWXlnbl9ydW5faWQ9OTAwqODAzJmFjdGlvbj1hdHRhY2htZW50" \* MERGEFORMATINET
2) PDF Files
To find the phishing link in a PDF file, you can open it in a text editor, and you'll find a string similar to the following:
3) HTML Files
To find the phishing link in an HTML file, you can open it in a text editor, and you'll find a string similar to the following:
<a href="http://online-banking.kb4.io/XjayZ1cmw9aHR0cHM6y5rbm93YmU0LmNvbS9wYWdlcy9jMzk1NWIxYzQ4YQ==">Go Now</a>