Utilize Inline Images for Phishing Emails

Answered

Comments

8 comments

  • Official comment
    Lauren Ashley (Edited)

    Hi Jason! 

    Thank you for your feedback on this matter. I've forwarded your request to our Development team for review. We do base much of our development and new features on customer feedback, so your input is appreciated. 

    If you have any other ideas feel free to share! 

    Thanks again! 

    Lauren
    KnowBe4

  • Randolph Steer

    I had a conversation with KB4 support about the same thing a few months ago.  Their explanation was that if they embedded in-line graphics for any other company (i.e. a logo), they would be violating copyright, because they would actually be USING the image (file) rather than merely POINTING to it.  A subtle distinction, but it may keep the lawyers happy.

    The fact is that the default image-blocking behavior of most corporate or government e-mail means that KB4's supposed tracking and reporting of "opened" e-mails is pretty much worthless. It may even be giving less-sophisticated KB4 clients a false sense of how few of their users are actually opening the e-mails. In our case, it seems mostly to track people who viewed the e-mail on their phones rather than their desktops. (But not even all of them...)

    Real phishers are not going to have such scruples, however, and will use embedded images to ensure that their potential victims SEE the images regardless of e-mail security settings, because seeing the images makes the phishing e-mail much more credible and authoritative-seeming.

    Perhaps a compromise to keep the lawyers happy but also to measure users' real-world behavior when seeing images would be to offer some graphics that are reminiscent or suggestive of the company, but aren't actually an official logo.  So, for example, some wavy red and blue lines for Bank of America or Pepsi, but not their actual logos.  (And use the wrong font intentionally as well.)

    Randy.

     

  • Lauren Ashley

    Hi Randy,

    Thank you for your contributions to the community board, and for your request regarding the ability to use inline images in simulated phishing emails.
    You are accurate in regards to the default image-blocking behavior of some email environments causing "opens" to be less accurately tracked than clicks. Partially due to the nature of this situation, "opened" emails are not counted as a failure during simulated phishing campaigns; rather, "clicks", "attachment opens", "replies", etc. are the only campaign failures contributing toward Phish-prone Percentage and Risk Score.

    Based on daily reviews of the large quantity of non-simulated emails submitted via our Phish Alert Button, our experts note that the number of embedded/inline/attached vs. externally hosted images is approximately almost even, and a large percentage of phishing emails contain no images.
    Please see this page for KnowBe4's positioning on the images we use in our System Templates. 

    Most importantly, I've forwarded your input and ideas to our Development team for review. We do take customer requests and opinions into consideration when planning feature enhancements; therefore your feedback is greatly appreciated! 

    Thanks again!

    Lauren
    KnowBe4

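The distinction the two comments above turn on, images carried inside the message versus images fetched from a remote host, can be checked on any reported email. The following is an added example, not part of the thread and not KnowBe4 code; the function name, the sample message and its hosts are constructed placeholders.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
class ImgSrc(HTMLParser):
    """Collect the src of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):
        if tag == "img" and dict(attrs).get("src"):
            self.srcs.append(dict(attrs)["src"].strip())

def classify_images(raw):
    """Group <img> references by how a mail client would obtain the image."""
    msg = message_from_string(raw, policy=policy.default)
    cids, parser = set(), ImgSrc()
    for part in msg.walk():
        if part.get_content_maintype() == "image" and part["Content-ID"]:
            cids.add(str(part["Content-ID"]).strip("<> "))
        elif part.get_content_type() == "text/html":
            parser.feed(part.get_content())
    out = {"embedded": [], "remote": [], "missing_cid": []}
    for src in parser.srcs:
        if src.lower().startswith("cid:"):
            # Image bytes travel inside the message; remote-image blocking does not apply.
            out["embedded" if src[4:] in cids else "missing_cid"].append(src[4:])
        elif src.lower().startswith(("http://", "https://")):
            # Fetched on display; blocked by default in many clients, so no "open" is seen.
            out["remote"].append(src)
    return out

# Constructed sample message (not from the thread); all hosts are placeholders.
SAMPLE = """\
Subject: constructed sample
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><img src="cid:logo@example.invalid">
<img src="https://img.example.invalid/banner.png">
<img src="https://track.example.invalid/o.gif" width="1" height="1"></body></html>
--b1
Content-Type: image/png
Content-ID: <logo@example.invalid>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""
print(classify_images(SAMPLE))
```
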
  • Steve Bates

    How about if KnowBe4 were able to supply a list of images that they will use, with a script to copy them to the client's web server? Then the client would be copying the images for their own use. KnowBe4 would then need to update the URL of the images in the email to point to the client's cache of images. In this way KnowBe4 does not touch the images, and I as the client have one web image cache to trust.

     

  • Douglas Freeman

    Hi Steve, 

    Thank you for the addition to this feature request on allowing the images to appear in phishing emails. I've submitted this to our Dev team for review. We appreciate different views when tackling these issues, so we really do enjoy the input. A cache of images that will be used in campaigns could be a possible improvement to our phishing platform.

    Thank you again for the submission. Let us know if you have any other improvement ideas!

  • Andrew Meyercord

    I second this request, but my primary use case is to include our company logo in notification emails sent out for training campaigns. At the very least, I think customers should be able to embed their own images in emails.

    That said, I have seen elsewhere on this forum the repeated argument that linking to externally hosted images avoids copyright issues which would result from embedding them directly into the message, but your very own article refutes this: https://www.knowbe4.com/fud

    I think it should be left up to the customer how they want to handle images in their phishing tests and general communication templates.

  • Ritesh B

    Any update on this request? Is it still being considered? Will it ever be on the development roadmap? (Asking on behalf of 8 clients.)

  • Walter Nelson (Edited)

    Hi Ritesh,

    This feature request is something that we will not be implementing due to legal fair use reasons having to do with hosting an image vs. linking to an image. We could be legally liable if we host the images.
