Phishing Users Who Have Been Part Of a Data Breach
Within the phishing email templates area is a ‘Data Breach’ category that allows you to spear-phish your users who have been part of specific data breaches. This category is intended to be used in conjunction with the results of KnowBe4's Email Exposure Check Pro (EEC Pro), but can be used in any type of phishing campaign.
The data breach category includes ten phishing templates, with each template spoofing a unique organization that has had a large-scale data breach incident. The templates prompt the user to click a link and also include a corresponding data entry landing page. A data entry landing page allows you to test your users’ likeliness to click a link and to enter sensitive information.
Our landing pages will never save any of the data entered. We only track whether the user entered data, not the data itself.
Use the jump-links below to navigate through the article and learn how to create a data breach phishing campaign and to learn more about the “Data Breach” category.
How to Establish a "Data Breach" Phishing Campaign
- Run the EEC Pro if you've never run it before. Existing customers with Gold or higher subscription levels will get this report automatically on a regular basis and can start with Step 2.
- For more information see EEC Pro (Product Manual)
The "High" and "Very High" risk categories indicate that the user's information was part of a data breach incident.
3. Group your users based on the results. For example, you may create a group called "Myspace Data Breach" and place users who were part of the Myspace data breach within that group.
4. Set up a phishing campaign with the following settings:
- In the Deliver to section: Use the group(s) you created in Step 3.
- In the Frequency section: Select ‘One time’.
- In the Sending section: Send all emails when the campaign starts.
- In the Track Activity section: We recommend setting this to "3 days".
- In the Category and Template section: Select the "Data Breach" category. You can then select the template which spoofs the organization that had a data breach incident that your user(s) were a part of.
- If not specified here, you can leave the remaining options on their "default" setting.
5. Once the test is complete, you may review the results. You can optionally share the results with the individual users who failed your phishing test and use this opportunity to discuss the impact of data breaches. You may also elect to enroll those who failed in a remedial training campaign using content that goes over data breaches.
Where Can I Find These Templates?
You can preview the phishing templates in your account under PHISHING > Email Templates > System Templates > Data Breach. Click the "eyeball" icon to preview each template.
If you would like to find the landing pages, they are located under PHISHING > Landing Pages > System Landing Pages > Data Breach Phishing. Click Preview to review or test them.
What Happens If I Select a Different Landing Page When I Set Up My Data Breach Campaign?
Selecting a different landing page during campaign setup will overwrite the Data Breach Phishing landing pages we've included in the templates. To manage which landing page your users will see, check out our article on changing landing pages in your phishing campaign.
Want to run the EEC Pro? Sign up here.