Types of Simulated Phishing Tests Offered by KnowBe4
KnowBe4 offers five types of simulated phishing tests that you can send to your users: phishing link tests, attachment tests, data entry tests, spear phishing tests, and reply-to tests. These tests prepare your users for a variety of attack vectors, or paths that cybercriminals can use to gain access to your computer or network.
When you create your phishing campaign, you have the option to use our built-in templates, customize our templates, or design your own templates. If you’d like to learn more about customizing phishing templates or landing pages, see our Customizing Emails & Landing Pages article.
For general information about creating and managing phishing campaigns, see our Creating and Managing Phishing Campaigns article.
Phishing Link Tests
Many real phishing emails include a link that leads to a malicious website or file. A phishing link test simulates this kind of attack by sending an email that includes a misleading link. When a user clicks the simulated phishing link, they are directed to a safe and secure landing page.
When a simulated phishing link is clicked, this action will be recorded in your KnowBe4 console as a failure. To learn more about how phishing test failures are recorded, see our How Are Clicks Tracked in Phishing Security Tests? article.
Attachment Tests
An attachment test is a simulated phishing email that includes an attachment and shows how your users handle potentially malicious files. When a user opens the attachment or enables macros for the file, the action will be recorded in your KnowBe4 console as a failure. To learn more about our attachments and how they work, see our What Attachments Can I Add to My Phishing Campaign and How Are They Tracked? article.
Since our built-in attachments are specifically designed to work with the KnowBe4 console, these files cannot be modified and you cannot upload your own custom attachments. However, you can attach and rename our available attachments to any custom email template. Alternatively, you can use a system or community template that already includes an attachment, as indicated in the template name.
To find templates that include attachments, see our Understanding Tags on Templates and Landing Pages article.
Data Entry Tests
A data entry test is a simulated phishing test designed to trick users into entering sensitive information into a text field. The phishing test email includes a link that directs users to a landing page designed to look like a real data entry page, such as a Microsoft 365 login page.
When the included link is clicked, the action will be recorded in your KnowBe4 console as a failure. If a user enters any information on the landing page, this action will be recorded as an additional failure. To learn more about data entry landing pages, see our Working with Data Entry Landing Pages article.
Important: KnowBe4 will never save the information a user enters into a landing page. Only the action of entering and submitting text is recorded, not the text itself.
When editing or creating a data entry landing page, be sure to use the following field names to ensure no entered text is logged on our servers:
password, password_confirmation, old_password, credit_card, ssn, social_security_number, domain_name, uname, number, verification_value, brand.
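The following is an added example, not KnowBe4 code: a pre-publish check that parses a custom data entry landing page and reports every text-entry field whose name is not on the list above. The function names, the sample page, the exact case-sensitive name match, and the choice of which input types count as text entry are assumptions made for this illustration.

```python
from html.parser import HTMLParser

# Field names listed in the article for data entry landing pages.
SAFE_FIELD_NAMES = {
    "password", "password_confirmation", "old_password", "credit_card",
    "ssn", "social_security_number", "domain_name", "uname", "number",
    "verification_value", "brand",
}
# Assumption: input types that carry no user-typed text are out of scope.
NON_TEXT_TYPES = {"submit", "button", "reset", "image", "hidden",
                  "checkbox", "radio", "file"}


class FieldAudit(HTMLParser):
    """Collects text-entry fields whose name is not on the article's list.

    Assumption: names must match exactly, so "Password" is flagged.
    """
    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, tag, name or None)

    def handle_starttag(self, tag, attrs):
        if tag not in ("input", "textarea"):
            return
        attr = dict(attrs)
        if tag == "input" and (attr.get("type") or "text").lower() in NON_TEXT_TYPES:
            return
        name = attr.get("name")
        if name not in SAFE_FIELD_NAMES:
            self.findings.append((self.getpos()[0], tag, name))


def audit_landing_page(html):
    """Return findings for a landing page's HTML source, in document order."""
    parser = FieldAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample landing page (not a KnowBe4 template).
SAMPLE = """<form method="post">
  <input type="text" name="uname">
  <input type="password" name="password">
  <input type="text" name="email">
  <textarea name="comments"></textarea>
  <input type="submit" value="Sign in">
</form>"""

if __name__ == "__main__":
    print(audit_landing_page(SAMPLE))
```

On the sample page, the `email` input and the `comments` textarea are reported, and each would need renaming to one of the listed names before the page is used in a campaign.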
Spear Phishing Tests
Spear phishing is a tactic used by cybercriminals to target a specific user or department by impersonating a trusted source to gather confidential information. You can simulate this attack with a spear phishing test that uses a custom email template designed to target a user or department.
For assistance creating a spear phishing test for your organization, reach out to your Customer Success Manager.
Reply-to Tests
A reply-to test is a simulated phishing test that prompts users to reply to a simulated phishing email. When creating a new phishing campaign, you can enable the Track Replies to Phishing Emails option. If you enable this option, KnowBe4 will record when a user replies to the email and the action will appear as a failure in your KnowBe4 console. You can also choose to save the text and any attachments included in a user's reply email.
To learn more about reply-to phishing tests, see our Reply-to Phishing article.
QR Code Tests
A QR code phishing test prompts your users to scan a QR code that is displayed in the body of an email message. The QR code contains a misleading link, just like our phishing link tests. Scanning the QR code from a device is equivalent to clicking a link in your email.
When a user scans the QR code, they are directed to a safe and secure landing page. The action will be recorded in your KnowBe4 console as a failure. You can also include a data entry test within a QR code phishing test by selecting a data entry landing page when you create your phishing campaign. You can select a landing page that is designed to look like a real data entry page, such as an online order from a restaurant.
To learn more about QR code phishing tests, see our How to Use QR Code Phishing Security Tests article.