If you are using any of our "Phishing For Sensitive Information" login landing pages in your Phishing Security Tests (PSTs), this article may be of interest to you.
When using any of our landing pages that contain a data entry form, you can add a final landing page that your users will reach, once they input information and click a button to submit the credentials.
We don't record any data entered by the user on our System "Phishing For Sensitive Information" landing pages. No data is stored on our servers (including logs) or anywhere else.
If you decide to create a custom "Phishing For Sensitive Information" landing page, it is absolutely vital to follow all instructions found in our Phishing For Sensitive Information (Data Entry) article.
Steps to add a final landing page
- Locate the URL of the landing page you'd like to use as your secondary, or final landing page.
- You will find the URL by navigating to the System (or My) Landing Pages in your console and clicking the Copy URL button. (PHISHING > Landing Pages > System Landing Pages).
- Locate the "Phishing For Sensitive Information" or data entry page that you want your users to reach once they've clicked a link in a Phishing email. Open the landing page in the WYSIWYG (What You See Is What You Get) editor by clicking on its title.
- Click the "Source" button at the top left of the WYSIWYG tool pane.
- Locate the "form action" tag element in the source code of this initial landing page.
The "<form action>" element represents the action taken when a user clicks the button on the data entry form of the landing page.
- Now replace the current URL found (in quotes) within the "form action" tag, with the URL of the desired second/final landing page, as shown bolded, in the example below.
- Alternatively, this final landing page can be any web page.
<form action="https.protected-forms.com/pages/domain/XXXXXXXXXX" id="loginform" method="POST"><input id="uname" name="uname" placeholder="Email or phone" required="" type="text" /> <input id="password" name="password" placeholder="Password" required="" type="password" />
<div class="checkWrap"><input id="remember" name="remember" type="checkbox" value="0" /> <label for="remember">Keep me signed in</label></div>
<input id="submit-btn" type="submit" value="Sign in" /> </form>
This is an example of what the code for the Phishing For Sensitive Information landing pages can look like. The URL entered in the form action tag, <form action="https.protected-forms.com/pages/XXXXXXXXXX" ...., represents the final landing page you've chosen, where XXXXXXXXXX is account-specific information. For EU customers, use the following URL instead: https.eu-secured.com/pages/XXXXXXXXXX.
If you'd like the secondary landing page domain to be a domain other than the default, our Support Team can assist with this. Create a support ticket here.
- Save your customized landing page (with a new title if you'd like).
- Be sure to add this landing page to one of your "My Landing Pages" categories in order for it to be chosen during the phishing campaign set up.
- You can do this from the "My Landing Pages" page by selecting the checkbox next to your new landing page, using the drop-down menu to select a landing page category, and clicking the "Add Selected to Category" button.
When you're setting up your phishing campaign, be sure to choose your new "Phishing For Sensitive Information" login landing page. This way your users will be first directed to the login page, and subsequently, to the final landing page you've chosen, when they fail this Phishing Security Test.
You should always send a test campaign to yourself or a limited number of users before sending it to a larger group. This ensures that everything looks and works the way you're expecting it to.