Phishing Users Who Have Been Part of a Data Breach

In your KMSAT console, you can use data breach phishing templates to spear-phish users who have been part of specific data breaches. These phishing templates are intended to be used along with the results of KnowBe4's Email Exposure Check Pro (EEC Pro) tool, but they can be used in any type of phishing campaign.

We offer more than 10 data breach phishing templates, and each template spoofs a specific organization that has had a large-scale data breach incident. The templates prompt the user to click a link and also include a corresponding data entry landing page. Data entry landing pages allow you to test your users’ likeliness to click a link and enter sensitive information.

To learn how to preview these phishing templates and landing pages and create a data breach phishing campaign, click the links below.

Jump to:

How to Preview Data Breach Templates and Landing Pages

How to Create a Data Breach Phishing Campaign

How to Preview Data Breach Templates and Landing Pages

To preview our data breach phishing templates, follow the steps below:

1. After signing in to your KMSAT account, navigate to Phishing > Email Templates > System Templates.
2. Locate the System Categories menu on the left side of the screen.
3. Then, locate and click the Data Breach category.
4. Click the eyeball icon under the Actions column to preview the template.

To preview our data breach landing pages, follow the steps below:

1. After signing in to your KMSAT account, navigate to Phishing > Landing Pages > System Landing Pages. 
2. Locate the System Categories menu on the left side of the screen.
3. Then, locate and click the Data Breach Phishing category.
4. Click the eyeball icon under the Actions column to preview the landing page.

Back to top

How to Create a Data Breach Phishing Campaign

Follow the steps below to create a data breach phishing campaign:

1. Run the EEC Pro tool if you've never run it before. Existing customers with Gold or higher subscription levels will get this report automatically on a regular basis and can start with step two. For more information, see the Email Exposure Check Pro (EEC Pro) Product Manual.
2. Review your EEC Pro results and determine which of your users have been part of data breaches.
   Note: The High and Very High risk categories indicate that the user's information was part of a data breach incident.
3. Group your users based on the results. For example, you may create a group called "Kickstarter Data Breach" and place users who were part of the Kickstarter data breach within that group.
4. Set up a phishing campaign with the following settings:
1. Send to: Select the group(s) you created in step three.
2. Frequency: Select One-time.
3. Sending Period: Select Send all emails when the campaign starts.
4. Track Activity: We recommend setting this to 3 days.
5. Template Categories: Select the Data Breach category. Then, you can select a template that spoofs the organization that had a data breach that impacted your users.
5. Leave the remaining options on their default setting.
6. Click Create Campaign.

Once the test is complete, you can review the results. You can optionally share the results with the individual users who failed your phishing test and use this opportunity to discuss the impact of data breaches. You can also choose to enroll users who failed in a remedial training campaign using content about goes over data breaches.

Back to top