FAQs and Troubleshooting

Share

Is this article helpful?

Last updated:

Types of Simulated Phishing Tests (PSTs)

KnowBe4 offers many types of simulated phishing tests that you can send to your users: phishing link tests, attachment tests, data entry tests, spear phishing tests, reply-to tests, QR code tests, and callback phishing tests. These tests prepare your users for a variety of attack vectors, or paths that cybercriminals can use to gain access to your computer or network.

When you create your phishing campaign, you have the option to use our built-in templates, customize our templates, or design your own templates. If you’d like to learn more about customizing phishing templates or landing pages, see our Create and Edit Email Templates and Landing Pages article.

For general information about creating and managing phishing campaigns, see our Create and Manage Phishing Campaigns article.

Phishing Link Tests

Many real phishing emails include a link that leads to a malicious website or file. A phishing link test simulates this kind of attack by sending an email that includes a misleading link. When a user clicks the simulated phishing link, they are directed to a safe and secure landing page.

When a simulated phishing link is clicked, this action will be recorded in your KnowBe4 console as a failure. To learn more about how phishing test failures are recorded, see our How Clicks Are Tracked in Phishing Security Tests article.

Attachment Tests

An attachment test is a simulated phishing email that includes an attachment and shows how your users handle potentially malicious files. When a user opens the attachment or enables macros for the file, the action will be recorded in your KnowBe4 console as a failure. To learn more about our attachments and how they work, see our Phishing Campaign Attachments Overview article.

Since our built-in attachments are specifically designed to work with the KnowBe4 console, these files cannot be modified and you cannot upload your own custom attachments. However, you can attach and rename our available attachments to any custom email template. Alternatively, you can use a system template that already includes an attachment, as indicated in the template name.

To find templates that include attachments, see our Understanding Tags on Templates and Landing Pages article.

Data Entry Tests

A data entry test is a simulated phishing test designed to trick users into entering sensitive information into a text field. The phishing test email includes a link that directs users to a landing page designed to look like a real data entry page, such as a Microsoft 365 login page.

When the included link is clicked, the action will be recorded in your KnowBe4 console as a failure. If a user enters any information on the landing page, this action will be recorded as an additional failure. To learn more about data entry landing pages, see our Data Entry Landing Pages Guide.

Remember:KnowBe4 will never save the information a user enters into a landing page. Only the action of entering and submitting text is recorded, not the text itself.When editing or creating a data entry landing page, be sure to use the following field names to ensure no entered text is logged on our servers:password, password_confirmation, old_password, credit_card, ssn, social_security_number, domain_name, uname, number, verification_value, brand.

Spear Phishing Tests

Spear phishing is a tactic used by cybercriminals to target a specific user or department by impersonating a trusted source to gather confidential information. You can simulate this attack with a spear phishing test that uses a custom email template designed to target a user or department.

For assistance creating a spear phishing test for your organization, reach out to your Customer Success Manager.

Reply-to Tests

A reply-to test is a simulated phishing test that prompts users to reply to a simulated phishing email. When creating a new phishing campaign, you can enable the Track Replies to Phishing Emails option. If you enable this option, KnowBe4 will record when a user replies to the email and the action will appear as a failure in your KnowBe4 console. You can also choose to save the text and any attachments included in a user's reply email.

To learn more about reply-to phishing tests, see our Reply-To Phishing Guide.

QR Code Tests

A QR code phishing test prompts your users to scan a QR code that is displayed in the body of an email message. The QR code contains a misleading link, just like our phishing link tests. Scanning the QR code from a device is equivalent to clicking a link in your email.

When a user scans the QR code, they are directed to a safe and secure landing page. The action will be recorded in your KnowBe4 console as a failure. You can also include a data entry test within a QR code phishing test by selecting a data entry landing page when you create your phishing campaign. You can select a landing page that is designed to look like a real data entry page, such as an online order from a restaurant.

To learn more about QR code phishing tests, see our QR Code Phishing Security Tests (PSTs) Guide.

Callback Phishing Tests

A callback phishing test is a simulated phishing test that prompts your users to call a number and enter a callback code that is displayed in the body of an email message. Calling the number on the test and entering the callback code is equivalent to clicking a link in a phishing email.

When a user calls the phone number, they will be prompted to enter the callback code in the phishing test. If they enter the callback code during the call, this action will be recorded in your KnowBe4 console as a failure. After they enter the callback code, they’ll be prompted to enter their personal information. If they enter their personal information during the call, this action will be recorded as a second failure.

To learn more about callback phishing tests, see our Create and Manage Callback Phishing Campaigns article.

Was this article helpful?

6 out of 6 found this helpful

Can't find what you're looking for?

Contact Support