HFTTF Girişim Zirvesi

Son Haberler

İzmir Bilişim Zirvesi 2015’e Katıldık
ODTÜ Android Geliştirici Günlerine Katıldık
kiralık bahis sitesi fiyatları
bahis sitesi kiralama
THE 7 MOST ESSENTIAL SECURITY AWARENESS TRAINING TOPICS FOR 2021
Oltalama Saldırıları Şirketler İçin Ne Anlama Geliyor?
Websitenizin Güvende Olduğundan Nasıl Emin Olabilirsiniz?
WHAT SHOULD YOU DO IF YOU ARE A VICTIM OF A PHISHING ATTACK?
WHAT TO DO IF YOU RECEIVE A PHISHING EMAIL?
Etkili Oltalama Eğitimi İçin Gerekli Adımlar
Önemli Oltalama Türleri ve Tespit Yöntemleri
EMAIL SECURITY SOLUTIONS
Fidye Yazılımı ve Oltalama 2021’de de Artışta Olacak
E-posta Güvenlik Yazılımı Seçerken Nelere Bakılmalı?
Şu an buradasınız: Ana Sayfa / Genel / PHISHING AWARENESS
Genel

PHISHING AWARENESS

25 Eylül 2020 By 0 19

Phishing awareness: Use Keepnet Labs Awareness Educator for free to avoid social engineering schemes.

1- What Is Phishing?

Phishing is the art of manipulating or tricking the targets to give their sensitive information such as usernames, passwords, and credit card details. Phishers generally masquerade themselves as trustworthy entities using fake emails.  Phishers usually send emails from claiming to be from popular social web sites, banks, news websites, or company admin to trick lure the unsuspecting targets.

2- Use our Phishing Simulator for Phishing Awareness 

Our Phishing simulator provides phishing email template components that are made up of email with .eml extension to test your employee’s phishing vulnerability. In order to create a phishing template, you should have an original email that you can edit/customise once you have imported it into our system. You should save the original email as .eml file format into your local computer.

An example of creating a template is demonstrated below.

Phishing simulator - phishing email template

Phishing email template

As you can see, the email with eml. file extension can be used as the fake web page.

3- Creating a Fake Landing Page

As for creating a fake landing page, you will basically decide which web page you will copy. Then, right-click and click on “View Page Source” to download its HTML code. Make sure that you have saved it to your local computer an as .html extension.

You also have to add some codes to your.html file you have just saved to your local computer to track which users submitted information to this fake landing page during phishing tests and phishing awareness process. 

Therefore, open the .html file on your local computer using a text editor, and edit it by typing to the input areas displayed below as captured=”email”captured = “password” and capturedbutton. See the sample below.

Phishing landing page

Now, go to Phishing Simulator > Phishing Scenarios and click on the New Template button on the right corner of the page. Then you have to fulfill the followings:

  • Define the Type of the phishing template, e.g., Custom or System

  • Type in our Template Name

  • Define the Language of the phishing template

  • Specify the Category of your template, e.g, online shopping or travel security

  • Upload you EML or MSG file you have saved to your local computer

Now, click on the Create button to proceed to customise your phishing template as you desire. You can edit the visuals, sender information, links, name, mailing details within the email content, and assign a Phishing URL by clicking on{PHISHING_URL}the link above box.

If you click on{PHISHING_URL} the box like the picture above, you will see an empty phishing URL on the email content. When you right-click on the link, you will recognise the edit the link or unlink options.

After this editing, whatever the Phishing URL is to be defined in the Campaign Manager, the fake web page will be opened on that same URL.

Shortcuts contain abbreviations such as name, surname, and target e-mails. {TONAME} shortcut automatically adds the target users’ e-mails to each sent e-mail content. It is the same with {TO} parameter. Thus, whatever email, name, and surname information is used in Email Groups, it will appear in the phishing email you have created.

4-  Phishing Awareness Email Campaign Management

This field helps to manage phishing campaigns such as creating a new phishing campaign, reporting a phishing campaign, and scheduling the phishing campaign.

5-  Creating a New Campaign for Phishing Awareness

To create a phishing campaign, go to Phishing Simulation > Campaign Manager and click on the New Campaign on the right top of the page.

Or, under the action column or the related a phishing campaign, click on the edit campaign icon, to edit existing campaigns.

Once you have click on the edit campaign icon, or the New Campaign on the right top of the page, you will see the Campaign Edit page.

Now, you have to fill in the related fields to create a new campaign or edit the g one.

Follow the settings and descriptions below:

Settings

Description

Campaign Name

The name of the campaign to be launched

SMTP

Selection of the identified email server

Email Groups

Selection of email group the campaign to be sent

Template

Selection of the phishing scenarios to be used in the campaign

Test Email Addresses

Type the email address for a test, before launching the campaign.

Test Subject / Subject

Header information of email to be sent

From

Email address the phishing email is going to be sent from. (The address to be selected must have a DNS registry.)

From Name

The sender name

Phishing URL

URL information where the prepared fake page will be displayed.

Dead Time

The option of how many days the campaign will continue.

SMTP Delay

Email sending intervals between each email

Advanced Settings

Settings with detailed options

Daily Report

It sends a daily report about this phishing campaign

Finished Report

Report on the completed phishing campaign

Use SSL

It enables SSL option for Phishing URL

LDAP Match

It checks the password on LDAP. For this, LDAP settings must be configured.

Use BEEF

It enables to use of BeEF (The Browser Exploitation Framework Project) in the frame tag

BEEF Address

Users’ BeEF URL

Time Zone

The campaign start date for phishing

Schedule

The campaign can be scheduled here

Before sending a created campaign to the users in your Email Groups, do not forget to test it at first. Therefore, use the Test icon under the Action and test your campaign.

Then you can launch your campaign with the Start icon.

6- Reporting the Phishing Campaign

You can see the all details of your phishing campaign using the Detail icon under the Action. Click on it and you will be redirected to the Report Manager page to see the phishing campaign details.

Please visit the Report Manager to see how phishing emails are reported and interpreted.

7 – Scheduling a Phishing Campaign

The phishing awareness platform also enables scheduling the Phishing Campaigns. Go to Campaign Manager and click on the Edit icon.

Then, click on the ADVANCED SETTINGS, and here you will see the scheduling option.

Also, you can set the sending limit of the phishing campaign. If you choose 20, for instance, the system will send emails with 20 minutes intervals.

SMTP Delay:

SMTP delay helps to send emails with time intervals. For instance, if you choose the No Delay option, the system will send phishing campaigns without interval (1 sec). However, you can set it to send emails with 10 sec or 20 – sec intervals.

Sending Limit:

With this option, you have the ability to limit the email sending. For instance, by default Keepnet sends phishing campaigns to 20 users in a second. You can set it to 50 or 100 users. However, in this case, many anti-virus tools can alert and send campaigns to the spam folder.

Phishing awareness – Want to try our phishing simulation for free. Click for a free demo.

This blog had been published at www.keepnetlabs.com.

RSS Teknoloji Haberleri