
PHISHING AWARENESS


Phishing awareness: Use Keepnet Labs Awareness Educator for free to avoid social engineering schemes.

1- What Is Phishing?

Phishing is the art of manipulating or tricking targets into giving up sensitive information such as usernames, passwords, and credit card details. Phishers generally masquerade as trustworthy entities using fake emails. They usually send emails claiming to be from popular social web sites, banks, news websites, or a company admin to lure unsuspecting targets.

2- Use our Phishing Simulator for Phishing Awareness 

Our Phishing simulator provides phishing email template components, made up of emails with the .eml extension, to test your employees' phishing vulnerability. To create a phishing template, you need an original email that you can edit and customise once you have imported it into our system. Save the original email in .eml file format on your local computer.

An example of creating a template is demonstrated below.

Phishing simulator - phishing email template

Phishing email template

As you can see, the email with the .eml file extension can be used as the fake web page.

3- Creating a Fake Landing Page

To create a fake landing page, first decide which web page you will copy. Then, right-click and click on "View Page Source" to download its HTML code. Make sure that you have saved it to your local computer with an .html extension.

You also have to add some code to the .html file you have just saved to your local computer, to track which users submitted information to this fake landing page during phishing tests and the phishing awareness process.

Therefore, open the .html file on your local computer using a text editor, and edit it by adding the following to the input areas displayed below: captured="email", captured="password" and capturedbutton. See the sample below.

Phishing landing page

Now, go to Phishing Simulator > Phishing Scenarios and click on the New Template button in the right corner of the page. Then fill in the following:

  • Define the Type of the phishing template, e.g., Custom or System

  • Type in the Template Name

  • Define the Language of the phishing template

  • Specify the Category of your template, e.g., online shopping or travel security

  • Upload the EML or MSG file you have saved to your local computer

Now, click on the Create button to proceed to customise your phishing template as you desire. You can edit the visuals, sender information, links, name, and mailing details within the email content, and assign a Phishing URL by clicking on the {PHISHING_URL} link box above.

If you click on the {PHISHING_URL} box as in the picture above, you will see an empty phishing URL in the email content. When you right-click on the link, you will see the options to edit the link or unlink it.

After this edit, the fake web page will open on whatever Phishing URL is defined in the Campaign Manager.

Shortcuts contain abbreviations such as name, surname, and target e-mails. The {TONAME} shortcut automatically adds the target users' e-mails to the content of each sent e-mail. The same applies to the {TO} parameter. Thus, whatever email, name, and surname information is used in Email Groups will appear in the phishing email you have created.

4- Phishing Awareness Email Campaign Management

This field helps to manage phishing campaigns, such as creating a new phishing campaign, reporting a phishing campaign, and scheduling a phishing campaign.

5- Creating a New Campaign for Phishing Awareness

To create a phishing campaign, go to Phishing Simulation > Campaign Manager and click on New Campaign at the top right of the page.

Or, to edit an existing campaign, click on the edit campaign icon under the Action column of the related phishing campaign.

Once you have clicked on the edit campaign icon, or on New Campaign at the top right of the page, you will see the Campaign Edit page.

Now, you have to fill in the related fields to create a new campaign or edit the existing one.

Follow the settings and descriptions below:

| Settings | Description |
|---|---|
| Campaign Name | The name of the campaign to be launched |
| SMTP | Selection of the identified email server |
| Email Groups | Selection of the email group the campaign will be sent to |
| Template | Selection of the phishing scenarios to be used in the campaign |
| Test Email Addresses | Type the email address for a test, before launching the campaign. |
| Test Subject / Subject | Header information of the email to be sent |
| From | Email address the phishing email is going to be sent from. (The address to be selected must have a DNS registry.) |
| From Name | The sender name |
| Phishing URL | URL information where the prepared fake page will be displayed. |
| Dead Time | The option of how many days the campaign will continue. |
| SMTP Delay | Email sending intervals between each email |
| Advanced Settings | Settings with detailed options |
| Daily Report | Sends a daily report about this phishing campaign |
| Finished Report | Report on the completed phishing campaign |
| Use SSL | Enables the SSL option for the Phishing URL |
| LDAP Match | Checks the password on LDAP. For this, LDAP settings must be configured. |
| Use BEEF | Enables the use of BeEF (The Browser Exploitation Framework Project) in the frame tag |
| BEEF Address | Users' BeEF URL |
| Time Zone | The campaign start date for phishing |
| Schedule | The campaign can be scheduled here |

Before sending a created campaign to the users in your Email Groups, do not forget to test it first. To do so, use the Test icon under the Action column to test your campaign.

Then you can launch your campaign with the Start icon.

6- Reporting the Phishing Campaign

You can see all the details of your phishing campaign using the Detail icon under the Action column. Click on it and you will be redirected to the Report Manager page to see the phishing campaign details.

Please visit the Report Manager to see how phishing emails are reported and interpreted.

7- Scheduling a Phishing Campaign

The phishing awareness platform also enables scheduling the Phishing Campaigns. Go to Campaign Manager and click on the Edit icon.

Then, click on the ADVANCED SETTINGS, and here you will see the scheduling option.

Also, you can set the sending limit of the phishing campaign. If you choose 20, for instance, the system will send emails at 20-minute intervals.

SMTP Delay:

SMTP delay helps to send emails at time intervals. For instance, if you choose the No Delay option, the system will send phishing campaigns without an interval (1 sec). However, you can set it to send emails at 10-sec or 20-sec intervals.

Sending Limit:

With this option, you can limit the email sending rate. For instance, by default Keepnet sends phishing campaigns to 20 users in a second. You can set it to 50 or 100 users. However, in this case, many anti-virus tools can raise an alert and send the campaign emails to the spam folder.

Phishing awareness: Want to try our phishing simulation for free? Click for a free demo.

This blog was published at www.keepnetlabs.com.
