Support for Secured (https) Phish Link Domain in Campaigns

Comments

17 comments

  • Official comment
    Avatar
    Kaiser

    Hi Rick,

    Thanks for your post! I've created a ticket for your post at your email address. Our tech team will be reaching out to address the Suspicious link concern and any additional inaccuracies you've reported in your PSTs. 

    To answer your remaining question, we are always looking to add new domains! We just added a few new ones a few months ago but I've put in a request on your behalf to obtain more HTTPS specific ones. 

    I hope this helps! Please feel free to reach out within your ticket for any additional concerns that can be answered by our tech team.

    Kaiser

    KnowBe4

    Comment actions Permalink
  • Avatar
    Rick Garcia

    So there are currently HTTPS specific phishing link domains available now? May I have that list? Currently during the campaign setup, it does not indicate whether the domain is unsecured or secured.

    0
    Comment actions Permalink
  • Avatar
    James Rendon

    Hi Rick! 

    Thank you for getting back to us on this one.  Just to clarify, the Phishing link domain that you are referencing has HTTPS in the name of the domain itself.  However, our team is currently in the process of configuring all of our Phishing link Domains to use HTTPS. 

    I have submitted a feature request to our developers for all of our Phishing link Domains to use HTTPS so they are aware that you are also interested in this functionality. Many new features for the KnowBe4 console originate from feature requests, so thank you for bringing this to our attention! 

    0
    Comment actions Permalink
  • Avatar
    Rick Garcia

    The phishing domains may have HTTPS in the name but that does not qualify them as an HTTPS site. Google skims through the links and identifies them for what they are — unsecured (HTTP). Examples below.

    http://cnn.compromisedblog.com/XYWNz0aW9uPWeNsaWNrJnwVybD1ohudHRwiczovL3NlxY3bVyZWQtbG9naW4ubmV0eL3BhZ2VzLzNkOGMzYjUwZDM2ZCZyZWNpcGllbnRfaWQ9NTE5NDc2NDEzJmNhbXBhaWduX3J1bl9pZD0yNDY0ODUx

    http://online-banking.kb4.io/XYWNg0aW9uPWlNsaWNrJnpVybD1omddHRwhczovL3NlsY3pVyZWQtbG9naW4ubmV0sL3BhZ2VzLzNkOGMzYjUwZDM2ZCZyZWNpcGllbnRfaWQ9NTE3MzQ3MzM3JmNhbXBhaWduX3J1bl9pZD0yNDUwMDA4

    Can you specificy which domains are truly (HTTPS) so we can run a trial campaign?

    1
    Comment actions Permalink
  • Avatar
    Joe Stiles

    Hi Rick,

    Our Phishing domains are currently all http but utilize redirects to secured landing pages.  It looks like James and Kaiser have both submitted feature requests on your behalf and we currently have a support ticket open for you with one of our techs.

    Our recommendation for running a trial campaign is to make sure you've completed our recommended whitelisting and then send a test campaign to a subset of your users to make sure the emails are being received correctly, and you can access our landing pages when clicking the phish link.

    0
    Comment actions Permalink
  • Avatar
    Joshua Bird

    Hi everyone,

    Is there an ETA on a domain being available over TLS? I'd like to start a baseline test with my company, but this Suspicious Link confirmation will result in inaccurate results. I'd also lose the element of surprise, so I'd rather wait if something will be available soon.

    0
    Comment actions Permalink
  • Avatar
    Cliff Jones (Edited )

    Is there any update on this post? I'm currently in a demo for the service and this issue is a barrier to signing up!

     

    0
    Comment actions Permalink
  • Avatar
    Mario Rodriguez

    Hi Joshua,

    Thank you for reaching out. Unfortunately, I do not have an ETA of when this feature will be implemented. I'm confident our team is working tirelessly to add this functionality to our phishing domains so it can be incorporated into your simulated phishing campaigns.

    Please feel free to reach out for any additional concerns that can be answered by our tech team.

    Thank you!

    0
    Comment actions Permalink
  • Avatar
    James Rendon

    Hi Cliff!

    As of right now, our team is still working on the planned feature of having our phish link domains use HTTPS.  I have however submitted a feature request to our developers on your behalf Cliff, to let them know that you are also interested in this functionality.

    The Suspicious Link pop-up is something that is managed and controlled by Google's AI and is not something that is currently able to be whitelisted according to GSuite. However, the good news is that if users are presented with that pop-up, the "click" on the link should still be recorded back to the console as Google opens the URL in the background on the trigger of the pop-up, thus still getting you reporting on those who did click on the given link. 

    Please feel free to reach out for any additional concerns that can be answered by our tech team.

    Thank you!

    0
    Comment actions Permalink
  • Avatar
    Brad Wolf

    Hello there, looking to see if there is any update to this post?

    0
    Comment actions Permalink
  • Avatar
    Douglas Freeman

    Hi Brad, 

    Currently, we do not have any major updates to this item at this time, we are absolutely working on a few solutions in house to get this working but we don't have anything at this time. 

    We are following this post and as soon as we have a viable solution for you we will let you know! 

    Thank you for reaching out to us on this one. 

    0
    Comment actions Permalink
  • Avatar
    Sam Mizzi

    Hello, We are seeing the same "Suspicious link" issue. Are there any updates or workarounds to this request? 

    0
    Comment actions Permalink
  • Avatar
    Kaiser

    Hi Sam,

    I'm sorry to inform you that this behaviour is still being worked on with our team. There are currently no major updates to this request. As Doug mentioned, there's a few in-house solutions we're working on to address the behaviour in the meantime. Though this requires some time on our develop and product team's side.  We hope to have updates in the near future. 

    Thanks so much for checking in on this! Please continue to reach out or generate a ticket if you'd like further information. 

    Kaiser

    KnowBe4

    0
    Comment actions Permalink
  • Avatar
    Luke Kozak

    Hello,

    Just seeing if there are any updates or workarounds here? We too are seeing the "suspicious link" message in Gmail.

    0
    Comment actions Permalink
  • Avatar
    Douglas Freeman

    Hello Luke, 

    The suspicious link popup is an item that is entirely controlled by Google and we don't have a workaround at this time. Google does not allow this feature to be whitelisted currently.

    I am glad to say that the tests are still functional even with that suspicious link, when users are presented with that pop-up, the "click" on the link should still be recorded back to the console as Google opens the URL. So you should still get good reporting metrics. 

    Sorry, we don't have a better resolution for you on this one we'll continue to work with our dev teams to see if we can circumvent this pop up in the future. 

    0
    Comment actions Permalink
  • Avatar
    Florin Tihon (Edited )

    Douglas,

    If we forget for a second about the G-Suite and specific products, any decent solution (i.e. proxy) would block these links.

    I am dealing with the very same issues; all the phishing link domains available for selection are not secure, and hence blocked by the proxy.

    The Phish Link Domain included in the preview of a template used for a particular campaign ("real" HTTPS) is not the same link used in the campaign configurations and deployed to the end users as part of the PST. I will not even elaborate on the default setting for PSTs to use random phishing link domains; the referrer redirect from HTTP to HTTPS will not work for us in the current setting.

    Even if a cert issued by a decent CA and which most browser would trust cost money, it would be nice to offer at least a handful of " true" HTTPS links which can be interchangeably used in the configurations of the campaigns.

    I don't think that whitelisting (or adding proxy exceptions for) all the HTTP domains in your list is a viable option for anyone, and as far as I am concerned, all our end users included in PSTs will see only the "access denied" page from our proxy until this is fixed. This is detrimental for the user experience, as they will never get to see the SEI branded landing page I intended to use, and I will have to send red flags screenshots when the campaign ends. Another option may be to give direct access to the content stored on https://protected-forms.com/pages without referrer and tokens, so it can be embedded in custom email templates under a <link> of our choice.

    I am looking forward for the good news; hopefully soon!

    1
    Comment actions Permalink
  • Avatar
    Douglas Freeman

    Hello Florin, 

    I circled back with my engineers just to be sure on this one. We are looking into providing fully realized HTTPS phishing links in the future for our PST's but I do not have an ETA on that item.
    I did bring up your note about how HTTPS might improve functionality with the Google Suspicious links. Apparently that is an avenue that we have already explored. In our tests with real HTTPS links, we have no improvement in performance with your suggestions above, unfortunately. 

    I definitely appreciate you bringing this potential solution to our team, and absolutely appreciate your contribution to our community board.

    Thank you again!  

    0
    Comment actions Permalink

Please sign in to leave a comment.