Support for Secured (https) Phish Link Domain in Campaigns
Answered
Currently, we are struggling to obtain accurate results of phishing campaigns due to Gmail's safety settings that are applied system wide and cannot be adjusted with Google Admin nor by Google Cloud Support. We have been able to hide some of the red banner warnings but we've noticed that links that are specified as 'phishing links' in our email templates, display a 'Suspicious link' prompt. Informing/hinting our users from continuing on. Which don't get me wrong, that's a great feature but this prevents us from testing our users effectively. I believe one of the reasons that prompt is displayed is due to KnowBe4's selection of unsecured (http) 'phish link domains'.
Will there be any future additions to the 'Phish Link Domain' section to support secured sites (https)?
-
Official comment
Hi Rick,
Thanks for your post! I've created a ticket for your post at your email address. Our tech team will be reaching out to address the Suspicious link concern and any additional inaccuracies you've reported in your PSTs.
To answer your remaining question, we are always looking to add new domains! We just added a few new ones a few months ago but I've put in a request on your behalf to obtain more HTTPS specific ones.
I hope this helps! Please feel free to reach out within your ticket for any additional concerns that can be answered by our tech team.
Kaiser
KnowBe4
Comment actions -
Hi Rick!
Thank you for getting back to us on this one. Just to clarify, the Phishing link domain that you are referencing has HTTPS in the name of the domain itself. However, our team is currently in the process of configuring all of our Phishing link Domains to use HTTPS.
I have submitted a feature request to our developers for all of our Phishing link Domains to use HTTPS so they are aware that you are also interested in this functionality. Many new features for the KnowBe4 console originate from feature requests, so thank you for bringing this to our attention!
-
The phishing domains may have HTTPS in the name but that does not qualify them as an HTTPS site. Google skims through the links and identifies them for what they are — unsecured (HTTP). Examples below.
Can you specificy which domains are truly (HTTPS) so we can run a trial campaign?
-
Hi Rick,
Our Phishing domains are currently all http but utilize redirects to secured landing pages. It looks like James and Kaiser have both submitted feature requests on your behalf and we currently have a support ticket open for you with one of our techs.
Our recommendation for running a trial campaign is to make sure you've completed our recommended whitelisting and then send a test campaign to a subset of your users to make sure the emails are being received correctly, and you can access our landing pages when clicking the phish link.
-
Hi everyone,
Is there an ETA on a domain being available over TLS? I'd like to start a baseline test with my company, but this Suspicious Link confirmation will result in inaccurate results. I'd also lose the element of surprise, so I'd rather wait if something will be available soon.
-
Hi Joshua,
Thank you for reaching out. Unfortunately, I do not have an ETA of when this feature will be implemented. I'm confident our team is working tirelessly to add this functionality to our phishing domains so it can be incorporated into your simulated phishing campaigns.
Please feel free to reach out for any additional concerns that can be answered by our tech team.
Thank you!
-
Hi Cliff!
As of right now, our team is still working on the planned feature of having our phish link domains use HTTPS. I have however submitted a feature request to our developers on your behalf Cliff, to let them know that you are also interested in this functionality.
The Suspicious Link pop-up is something that is managed and controlled by Google's AI and is not something that is currently able to be whitelisted according to GSuite. However, the good news is that if users are presented with that pop-up, the "click" on the link should still be recorded back to the console as Google opens the URL in the background on the trigger of the pop-up, thus still getting you reporting on those who did click on the given link.
Please feel free to reach out for any additional concerns that can be answered by our tech team.
Thank you!
-
Hi Brad,
Currently, we do not have any major updates to this item at this time, we are absolutely working on a few solutions in house to get this working but we don't have anything at this time.
We are following this post and as soon as we have a viable solution for you we will let you know!
Thank you for reaching out to us on this one.
-
Hi Sam,
I'm sorry to inform you that this behaviour is still being worked on with our team. There are currently no major updates to this request. As Doug mentioned, there's a few in-house solutions we're working on to address the behaviour in the meantime. Though this requires some time on our develop and product team's side. We hope to have updates in the near future.
Thanks so much for checking in on this! Please continue to reach out or generate a ticket if you'd like further information.
Kaiser
KnowBe4
-
Hello Luke,
The suspicious link popup is an item that is entirely controlled by Google and we don't have a workaround at this time. Google does not allow this feature to be whitelisted currently.
I am glad to say that the tests are still functional even with that suspicious link, when users are presented with that pop-up, the "click" on the link should still be recorded back to the console as Google opens the URL. So you should still get good reporting metrics.
Sorry, we don't have a better resolution for you on this one we'll continue to work with our dev teams to see if we can circumvent this pop up in the future. -
Douglas,
If we forget for a second about the G-Suite and specific products, any decent solution (i.e. proxy) would block these links.
I am dealing with the very same issues; all the phishing link domains available for selection are not secure, and hence blocked by the proxy.
The Phish Link Domain included in the preview of a template used for a particular campaign ("real" HTTPS) is not the same link used in the campaign configurations and deployed to the end users as part of the PST. I will not even elaborate on the default setting for PSTs to use random phishing link domains; the referrer redirect from HTTP to HTTPS will not work for us in the current setting.
Even if a cert issued by a decent CA and which most browser would trust cost money, it would be nice to offer at least a handful of " true" HTTPS links which can be interchangeably used in the configurations of the campaigns.
I don't think that whitelisting (or adding proxy exceptions for) all the HTTP domains in your list is a viable option for anyone, and as far as I am concerned, all our end users included in PSTs will see only the "access denied" page from our proxy until this is fixed. This is detrimental for the user experience, as they will never get to see the SEI branded landing page I intended to use, and I will have to send red flags screenshots when the campaign ends. Another option may be to give direct access to the content stored on https://protected-forms.com/pages without referrer and tokens, so it can be embedded in custom email templates under a <link> of our choice.
I am looking forward for the good news; hopefully soon!
-
Hello Florin,
I circled back with my engineers just to be sure on this one. We are looking into providing fully realized HTTPS phishing links in the future for our PST's but I do not have an ETA on that item.
I did bring up your note about how HTTPS might improve functionality with the Google Suspicious links. Apparently that is an avenue that we have already explored. In our tests with real HTTPS links, we have no improvement in performance with your suggestions above, unfortunately.I definitely appreciate you bringing this potential solution to our team, and absolutely appreciate your contribution to our community board.
Thank you again!
-
Hello Daniel we don't have an update on our side but for your numbers, they should still be accurate. As James said above
"The Suspicious Link pop-up is something that is managed and controlled by Google's AI and is not something that is currently able to be whitelisted according to GSuite. However, the good news is that if users are presented with that pop-up, the "click" on the link should still be recorded back to the console as Google opens the URL in the background on the trigger of the pop-up, thus still getting you reporting on those who did click on the given link. "
So you can still run accurate phishing tests with this even if the users never see the landing page they will still be counted.
With that being said I do understand that this might not be ideal and we are continuing to work to get this bypassed.
-
Hello Bruno,
Thank you for posting to the community board. Looking into this with my manager and an engineer, I believe that this issue of unsecured (HTTP) phish link domains has been corrected since the prior post in early 2021. I have even confirmed this secured behavior in a reproduction of our phish link domains.
Are you seeing HTTP being used with one of our phish link domains? If so, could you go to https://support.knowbe4.com/hc/en-us/requests/new and open a ticket so that we can investigate this further? This way, we can best help resolve this for you.
Thank you,
Please sign in to leave a comment.
Comments
24 comments