Phish Users Who Have Been Part of a Data Breach

Our Data Breach category of Phishing Templates allows you to spear-phish users that have been part of specific data breaches. This category includes ten phishing templates, with each template spoofing a unique organization that has had a large-scale data breach incident.

The templates prompt the user to click a link and include a corresponding data entry landing page, so you can test your users on not only their susceptibility to clicking a link, but also if they are prone to entering sensitive information. 

This category is intended to be used in conjunction with the results of KnowBe4's Email Exposure Check Pro (EEC Pro) but can be used in any type of phishing campaign. 

Where can I find these templates?

You can preview the phishing templates in your account under PHISHING > Email Templates > System Templates > Data Breach. Click the "eyeball" icon to preview each template.

The landing pages are located under PHISHING > Landing Pages > System Landing Pages > Data Breach Phishing. Click "Preview" to review or test them.

How to set up a "Data Breach" phishing campaign

Because data breaches often include personal and sensitive information, you'll want to consider the effects of running this test on your users and how you plan to discuss the results with those who fail the test. Once you're ready to run your test, follow the below steps.

1. Run the EEC Pro if you've never run it before. Existing customers with Gold and above subscriptions will get this report automatically on a regular basis and can start with Step 2. 
   • See: EEC Pro (Product Manual)
2. Review your EEC Pro results and see what users have been part of data breaches.
   • Hint: The "High" and "Very High" risk categories indicate that the user's information was part of a data breach incident.
3. Group your users based on the results. For example, you could create a group called "Myspace Data Breach" and place users who were part of that breach within that group. 
   
   • See: How to Create a Group
4. Set up a phishing campaign with the following settings:
   • Deliver to: Use the group(s) you created in Step 3
   • Frequency: One time
   • Sending: Send all emails when the campaign starts
   • Track Activity: We recommend setting this to "3 days"
   • Category and Template: Select the "Data Breach" category, then select the template which spoofs the organization that had a data breach incident that included your user(s)
   • If not specified here, you can leave the remaining options on their "default" setting.
5. Review your results once the test is complete. You can optionally share the results with the individual users who failed your phishing test and use this opportunity to discuss the impact of data breaches. You may also elect to enroll those who failed in a remedial training campaign using content that goes over data breaches.

What happens if I select a different landing page on the Phishing Campaign Creation screen when I set up my Data Breach campaign?

This will overwrite the Data Breach Phishing landing pages we've included in the templates. If you are okay with this, feel free to switch to a different landing page.

Want to run the EEC Pro? Sign up here.