What is the Free Social Media Phishing Test (SPT)?
KnowBe4's Social Media Phishing Test (SPT) is a web-based tool that helps you determine which of your users are most likely to fall for social media-related phishing attacks. These attacks work by tricking a user into clicking a link in an email that directs them to a login page. The login page looks like a trusted social media platform, so the user feels safe enough to enter their credentials. With these credentials, hackers can log in to the user's social media account to access personal information. They can also use social login to log in to the user's other accounts, or even create fake accounts with the user's credentials and identity. SPT can help you see how likely your users would be to fall for this type of attack should a real one ever occur.
SPT allows you to send your users one of three social media-based phishing templates. You can also select the landing page that the user is directed to if they click the link in the phishing template. If you select the landing page for the social media platform and the user clicks the link in the email, the user will be directed to a fake login page. If they enter credentials and try to log in, they will be redirected to an error page.
At the end of the test, you'll be able to download a report with your results. This report will show you how many of your users clicked on a link in the email and how many of your users entered data on a landing page. SPT will never save any of the data entered on the landing page. We only track whether the user entered data, not the data itself.
Follow the steps below to complete your free SPT. You will not be required to download or install any software. The default test is limited to 100 employees. Please contact us if you need to send to more users.
Signing Up for a Free Account
If you already have a free account, skip to the Setting Up a Social Media Phishing Test section.
- Sign up for a free account here: KnowBe4 Free Social Media Phishing Test.
- After entering your information, you can either click Get Started or click the link provided in the email we will send you.
- On the next page, you'll be prompted to enter your work email address. After you enter your email address, click Next to create a free account.
- You will receive an email asking you to activate your account. Click the link in the email to activate your free account.
- After you click the link, you will need to set up your free account. Enter your first and last name as well as a password for the account. Click Save & Continue.
- You'll be redirected to the SPT wizard. As the first person to sign in under your domain, you will be automatically set up as the Account Owner. Proceed to step 3 under Setting Up a Social Media Phishing Test.
Email addresses from publicly available email services such as Hotmail and Gmail cannot be used when signing up for or running the SPT.
The Account Owner must use his or her corporate email address to sign up, and the test will be limited to the domain of that corporate email address. For example, if you sign up with user@CompanyXYZ.com as your email address, you will only be able to test users with an “@CompanyXYZ.com” email address.
Setting Up a Social Media Phishing Test
- Log in to your free KnowBe4 account.
- Under the Free Social Media Phishing Test, click the Get Started button.
- On the page that follows, click Next Step.
Free Social Media Phishing Test Wizard
- Choose which style of phishing template to use. We have three options: LinkedIn, Twitter, and Facebook. You can preview each by clicking the Preview button. When you are finished, click Next Step to advance to the next page.
- Choose who you'd like to send this phishing test to. This page allows you to enter up to 100 email addresses from your organization. If you've already taken the Phishing Security Test (PST) or the Phishing Reply Test (PRT), you can import the user list you used for that test.
If manually adding emails:
Type out or paste the email addresses into the box, one per line, with no commas or spaces.
If importing emails from PST or PRT:
Click either the Import Recipient List from PST or Import Recipient List from PRT button. The email addresses will automatically populate in the text box. Any text you already have in the field will be replaced by the imported list.
Next, choose which landing page you'd like your users to see if they click on the link in the email. You can select either our standard landing page or the landing page for the social media platform you are spoofing. Our standard landing page lets the user know that they failed a phishing test and the red flags that indicated the email was a phishing email.
- If you haven't already done so, make sure you whitelist our mail servers and test that you can successfully receive our phishing emails. On our Review & Launch page, we provide links to our whitelisting documentation to guide you through this process. Note: if you are using a firewall, contact our support team to ask for the domains that you will need to whitelist for this test.
- After whitelisting, click the blue Preview and Send Test Email button. This is a sample of what your email will look like when your users receive it. After previewing, you can send yourself a test email by clicking the Send me a test email link on the top right.
- After sending the test email, check your mail and make sure you've received it. It may take up to ten minutes to arrive. You can make sure it has been delivered by checking the Test Email Delivery area towards the bottom of the page.
If you receive this email, you are ready to continue to the last step. If you do NOT receive the email, or your email system filters it into your spam or junk folder, please review our whitelisting instructions, which are linked on the page, or click here for whitelisting information. Be sure to consider any spam filter service or device you have in place where we may need to be whitelisted as well. You can also contact our support team for assistance.
- Once you've successfully whitelisted and are ready to start your test, click the Start Your Free SPT Now! button to begin. The test will send out a phishing email to all of the users you entered on the Choose Recipients tab. It will track any clicks on these emails and any data entered on the social media landing pages (if selected) for three days.
SPT will never save any of the data entered on the landing page. We only track whether the user entered data, not the data itself.
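The recipient rules stated in the steps above (addresses limited to the Account Owner's domain, no public email services, at most 100 addresses, one per line with no commas or spaces) can be checked before a list is pasted into the wizard. The following is an added example, not KnowBe4 code: the function name `check_recipients`, the simple address pattern, and the flagging of duplicates are assumptions made for illustration, and the sample addresses are constructed.

```python
import re

MAX_RECIPIENTS = 100                           # default test limit stated on the page
PUBLIC_DOMAINS = {"hotmail.com", "gmail.com"}  # services the page names; extend as needed
# Deliberately simple shape check (assumption): local@domain, no spaces or commas.
ADDR_RE = re.compile(r"^[^@\s,]+@([^@\s,]+\.[^@\s,]+)$")


def check_recipients(owner_email, pasted_text):
    """Return (accepted, problems) for a pasted recipient list."""
    owner_domain = owner_email.rsplit("@", 1)[1].lower()
    problems, accepted, seen = [], [], set()
    if owner_domain in PUBLIC_DOMAINS:
        problems.append(f"owner domain {owner_domain} is a public email service")
    for lineno, raw in enumerate(pasted_text.splitlines(), start=1):
        if not raw.strip():
            continue                           # ignore blank lines
        match = ADDR_RE.match(raw)
        if not match:
            problems.append(f"line {lineno}: not a single bare address: {raw!r}")
            continue
        addr, domain = raw.lower(), match.group(1).lower()
        if domain != owner_domain:
            problems.append(f"line {lineno}: {domain} is outside {owner_domain}")
        elif addr in seen:                     # not a page rule; flagged as a convenience
            problems.append(f"line {lineno}: duplicate of {addr}")
        else:
            seen.add(addr)
            accepted.append(addr)
    if len(accepted) > MAX_RECIPIENTS:
        problems.append(f"{len(accepted)} recipients exceeds limit of {MAX_RECIPIENTS}")
    return accepted, problems


# Constructed sample input, not real addresses.
SAMPLE = """alice@companyxyz.com
bob@CompanyXYZ.com
carol@companyxyz.com, dave@companyxyz.com
erin@gmail.com
 frank@companyxyz.com
alice@companyxyz.com
"""

if __name__ == "__main__":
    ok, issues = check_recipients("user@CompanyXYZ.com", SAMPLE)
    print(f"{len(ok)} accepted")
    for issue in issues:
        print("  -", issue)
```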
After you run the test, you can return to your account at any time to view the results on the Dashboard page. Under Free Social Media Phishing Test Results, you will be able to see the status of your Social Media Phishing Test, when the test was started, the total number of emails delivered, the total number of users who clicked the link, and the total number of users who entered data on the landing page. Please note: if you selected the SEI landing page, the percentage for data entered will be zero.
A PDF report will also be emailed to you automatically after 24 hours. You can view this PDF by clicking the Download PDF Report button under the Free Social Media Phishing Test Results section of your Dashboard. If you would like to know who replied, your rep or reseller can get you that information. If you do not know who your rep is, submit a support ticket and we'll assist you right away.
Armed with this knowledge, you can help protect your organization by teaching your users about the dangers of social media attacks. Enrolling in KnowBe4's new-school security awareness training can help you achieve this goal. Through KnowBe4, you can train your users to spot the warning signs and keep their skills sharp by sending fake phishing attacks much like the ones in this free tool. For more information, request a demo here.