Phishing Simulator

1. Introduction

To get the most out of our anti-phishing platform, you need to use the following options.

  • You should customize your SMTP definition. If you use our SMTP service, you should create a whitelist.

  • Contact us at [email protected] and receive the SMTP IP Address of our Phishing Simulator. You will able to control your dashboard on the Platform.

  • To receive new notifications, add the domains keepnetlas.com and keepnetbird.com to the whitelist.

  • With the tour options, you can examine the pages and understand the forms and entries on the pages in detail.

2. Understanding Phishing Scenarios Page

Phishing Scenarios is the page where you start your phishing campaigns. On this page, you are going to see many ready phishing email templates and fake landing pages in Phishing Scenarios List.

The Phishing Scenarios List has the following Columns:

Column Title

Description

Company Name:

Name of the company which has created the related phishing email template

Template Name:

Name of the phishing email template

The Content Type:

The content type of the phishing email template, e.g., is it a data submitting (sharing) or an attachment downloading scenario?

Created:

Creation date o the related phishing email template

Categories:

Category of the phishing email template, e.g., online shopping, or travel security

Owner:

The person who has created the related phishing email template

Language:

The language of phishing email template

Type:

The type consists of two sections, System and Custom.

System: If the type is System, then it means the related phishing email template is a default template.

Custom: If the type is Custom, then it means the related phishing email template is created by the Client.

Action:

Action column provides the following features: 📍 Edit Campaign: You can customize the related phishing email template.

📍 Clone Template: You can duplicate the related phishing email template for your own usage.

📍 Preview template: You can preview the related phishing email template to see how it looks like.

📍 Move to Trash: You can delete the related phishing email template

📍 Launch: You can use the related phishing email template to start your phishing email campaign

3. Creating Quick Phishing Campaign

It’s possible to create a phishing campaign with one click. For this, simply go to Phishing Simulator > Phishing Scenarios > Template List page, and you are going to see a lot of ready-email templates to test your users.

Once you have previewed the phishing email templates and their fake landing pages and decided which email template you are going to use, you can launch your phishing campaign by clicking on the Launch button under Action.

Now, you are going to see the Fast Launch page. You must do the followings:

  • Type a description fo your phishing campaign in Notes

  • Select instant Training that will be assigned to your users once they have failed in the phishing test. If you don't want to use this function, leave it as it is.

  • Select your Target group, e.g., if your target group is already in the system, choose one of your groups from your group list that appeared. However, if it is a new group, select the New Group.

  • If you select New Group, you must type the following group details.

    • Name (Optional): Type your target users' Name. This is an optional feature. If you choose this, your target users will see a personal greeting addressing their names during the phishing campaign. If you do not want this, leave it as it is. However, note that if you skip this process, your users will get a generic greeting, rather than a personal one.

    • Surname (Optional): Same as above. Type your target users' Surname. This is an optional feature. If you choose this, your target users will see a personal greeting addressing their Surnames during the phishing campaign. If you do not want this, leave it as it is. However, note that if you skip this process, your users will get a generic greeting, rather than a personal one.

    • Email (Must): Type your target users' Email. This is required.

You have made all changes, the system will start the related phishing campaign with default variables (such as SMTP, dead time, etc.).

4. SMTP And LDAP Settings

An SMTP (Simple Mail Transfer Protocol) server is an application that it's main purpose is to send, receive, and/or relay outgoing mail between email senders and receivers. You can define the email server that the phishing campaign will be sent. For this, visit the Company > SMTP Setting List > New SMTP page and define the SMTP settings:

Settings Title

Description

SMTP Name

This is the name that will be listed on the SMTP list page as a reminder name.

SMTP Type

This is the type of SMTP. When using the corporate server, it may remain default. It can bring the settings of Gmail, Outlook, etc. services predefined for convenience.

SMTP Server Address

SMTP server’s DNS name or IP address and port number.

Authentication

The field where the requested username and password values are defined. If your SMTP server requires authentication, you should mark the Authentication box.

Use SSL

If email service supports or necessitates an SSL connection, you can use this option.

Reply To

It is the email address for responses to return, except the sender email address.

Error To

The email address errors will be delivered.

CC

E-mail address to keep in CC in the sent e-mails.

BCC

Blind carbon copy to tertiary recipients who receive the message. The primary and secondary recipients cannot see tertiary recipients.

X-Mailler

The value to be selected as the sender e-mail.

Custom Header

The Custom header option is there to add additional options to the sent e-mail header information. Sometimes, security checks are needed.

Important Note: During simulation activities, since sender domain names would be different, it is crucial for SMTP servers to authorise sending email from different domains. In this case, we suggest adding to the list relay-host of our IP address’ SMTP server.

4.1. Testing of SMTP Settings

You can check whether the email has been sent via the defined email server or not. Simply click on the “Send Test Message” button, which is located on the email server page.

If it is successful, you will get a Success notification.

4.2. LDAP Settings

LDAP (Lightweight Directory Access Protocol) is an Internet protocol that email and other programs use to look up information from a server. With the integration of Windows Active Directory and LDAP, it is possible to import user accounts to our system. You can access LDAP Settings on the “Advanced Settings > Ldap Settings” page.

With the “New LDAP” option, you can create a new LDAP and make multiple Active Directory definitions on this page.

LDAP Settings

Description

URL

Active Directory’s (AD) IP address or DNS address

Username

An authorized username to make LDAP query

Password

The password for this account

Status

The status of the registry to be added can be changed as passive or active. It can be used when it is active.

Filter

The options under this menu can be left as default. If AD structure customized, changes can be made in the types of queries here.

5. Importing Target Users into the System

You can create a new email group for Phishing or Training Campaigns or edit the existing ones.

5.1. Using an Excel File

To use this feature, firstly, you must download the sample Excel file from our platform. Go to the Company > Target Users where you will see your existing user groups. If you want to import your new users to an existing group, click on the Mails under Action.

On the new page opened (the Group Information page), click on the Download button bottom left-hand corner to have your "Sample Excel Sheet File"

You must import your users into the "Sample Excel Sheet File". The sequence should be as following:

Email | Name | Surname | Phone | Department | Extra Field 1 | Extra Field 2

Not all of the fields are required, but we recommend that you fill in the Email, Name, Surname fields.

To prevent the syntax structure from damage, do not delete the fields you have not filled in!

Once you prepare your target group information in the Excel file, you can upload it into the system from the Choose File button on the Group Information page.

If you want to create a new user group, go to Company > Target Users and click on the New Group button on the upper right-hand corner. Once you name your group, you will be redirected to your Target Users Page where you will see your new group's name. However, note that this group will be empty and you have to import your users by clicking on the Mails button under Action.

5.2. Using LDAP Feature

You have also the Active Directory integration option to import your target users into the Platform. Go to the Advanced Settings > LDAP Settings and on the upper right-hand corner click on the New LDAP button.

On the new page opened, fill in the related fields and click on the Save button on the bottom right-hand corner.

Now, go back to Company> Target users, and click on the (Mails) button of the related group, open the Group Information page. Here, click on the Add User LDAP button and import them into the platform.

With the “Query in Db” option, you might search for a name, department, or any attribute within LDAP.

If you choose the “Import All” option, all users will be imported into the system. Or, if you choose the “Import Selected” option, only the chosen users will be imported into the system.

5.3. Manual Import

You can also add email details to your target groups manually. For this, go to Company> Target users, and click on the (Mails) button of the related group, open the Group Information page. Here, click on the Add User Manually button to go to the Email User Edit page. Fill in the related fields and click on Save to complete the process.

6. Phishing Template Management

Our platform allows users to select or create the phishing email templates to be used in phishing campaigns. As mentioned above, there are multiple phishing scenario samples in the Platform that are accessible from the Phishing Simulator > Phishing Scenarios.

Once you decided which template to use, you can carry out various operations like editing, cloning, or previewing the fake email with buttons under the Action column. See more on Understanding Phishing Scenarios.

6.1. Cloning and Customising Default Phishing Templates

You can clone pre-existing phishing email templates and fake landing web pages and customize them. Once you click on the button under Action on the Phishing Scenarios page, you will create a duplicate of the related template.

Now, on the cloned template, click on the Edit button under Action to start your customization. You can change the text, logo, signatures, phishing links, sender name, UR, etc.

By clicking on the Content, you can also open the fake landing page and customize it.

After you are done with editing, you can save it and use it to start your own phishing campaign.

Template Editing Description Table

Settings

Description

Template Name

The name that was given to the template

Default Document Name

Document’s Default name

Template Files

The template file to be used

Attachment

The attachment that will be added to the phishing email template

From Name

The sender name

From

The sender email address

Phishing URL

The phishing URL which is redirected to Platform

Subject

The email/phishing subject

Shortcut

Field shortcuts in the email

Content

The phishing email content

Clone

It is used to create a new copy of the template. It is an ideal way to work on a new one without unsettling the existing templates.

Preview Page

The existing fake page (an HTML page) is previewed.

6.2. Previewing and Deleting Phishing Templates

It is also possible to preview your phishing templates. For this, click on the Preview button under Action. While you are previewing the phishing template, if you click on the links within the email content, you will be redirected to the fake web page that is designed for capturing data. (We had covered how to edit phishing email templates and fake landing page in 5.1).

It is also possible to delete the phishing template with the Delete button under Action.

6.3. Creating a New Phishing Template

6.3.1. Phishing Email Template

Phishing email template components are made up of email with .eml extension. In order to create a phishing template, you should have an original email that you can edit/customize once you have imported it into our system. You should save the original email as .eml file format on your local computer.

An example of creating a template is demonstrated below.

Figure 1. Original Email
Figure 2. .eml File

As you can see, the email with eml. file extension can be used as a fake web page.

6.3.2. Creating a Fake Landing Page

As for creating a fake landing page, you will basically decide which web page you will copy. Then, right-click and click on “View Page Source” to download its HTML code. Make sure that you have saved it to your local computer an as .html extension.

You also have to add some codes to your.html file you have just saved to your local computer to track which users submitted information to this fake landing page during phishing tests.

Therefore, open the .html file on your local computer using a text editor, and edit it by typing to the input areas displayed below as captured=”email”, captured = “password” and capturedbutton. See the sample below.

Figure 3. Adding Codes in HTML file

Now, go to Phishing Simulator > Phishing Scenarios and click on the New Template button on the right corner of the page. Then you have to fulfill the followings:

  • Define the Type of the phishing template, e.g., Custom or System

  • Type in our Template Name

  • Define the Language of the phishing template

  • Specify the Category of your template, e.g, online shopping or travel security

  • Upload you EML or MSG file you have saved to your local computer

Now, click on the Create button to proceed to customize your phishing template as you desire. You can edit the visuals, sender information, links, name, mailing details within the email content, and assign a Phishing URL by clicking on{PHISHING_URL}the link above box.

If you click on{PHISHING_URL} the box, you will see an empty phishing URL on the email content. When you right-click on the link, you will recognize the edit the link or unlink options.

After this editing, whatever the Phishing URL is to be defined in the Campaign Manager, the fake web page will be opened on that same URL.

Shortcuts contain abbreviations such as name, surname, and target e-mails. {TONAME} shortcut automatically adds the target users’ e-mails to each sent e-mail content. It is the same with {TO} parameter. Thus, whatever email, name and surname information is used in Email Groups, it will appear in the phishing email you have created.

7. Phishing Campaign Management

This field helps to manage phishing campaigns such as creating a new phishing campaign, reporting a phishing campaign, and scheduling the phishing campaign.

7.1. Creating a New Campaign

To create a phishing campaign, go to Phishing Simulation > Campaign Manager and click on the New Campaign on the right top of the page.

Or, under the action column or the related a phishing campaign, click on the edit campaign icon, to edit existing campaigns.

Once you have click on the edit campaign icon, or the New Campaign on the right top of the page, you will see the Campaign Edit page.

Now, you have to fill in the related fields to create a new campaign or edit the g one.

Follow the settings and descriptions below:

Settings

Description

Campaign Name

The name of the campaign to be launched

SMTP

Selection of the identified email server

Email Groups

Selection of email group the campaign to be sent

Template

Selection of the phishing scenarios to be used in the campaign

Test Email Addresses

Type the email address for a test, before launching the campaign.

Test Subject / Subject

Header information of email to be sent

From

Email address the phishing email is going to be sent from. (The address to be selected must have a DNS registry.)

From Name

The sender name

Phishing URL

URL information where the prepared fake page will be displayed.

Dead Time

The option of how many days the campaign will continue.

SMTP Delay

Email sending intervals between each email

Advanced Settings

Settings with detailed options

Daily Report

It sends a daily report about this phishing campaign

Finished Report

Report on the completed phishing campaign

Use SSL

It enables SSL option for Phishing URL

LDAP Match

It checks the password on LDAP. For this, LDAP settings must be configured.

Use BEEF

It enables to use of BeEF (The Browser Exploitation Framework Project) in the frame tag

BEEF Address

Users’ BeEF URL

Time Zone

The campaign start date for phishing

Schedule

The campaign can be scheduled here

Before sending a created campaign to the users in your Email Groups, do not forget to test it at first. Therefore, use the Test icon under the Action and test your campaign.

Then you can launch your campaign with the Start icon.

7.3. Reporting the Phishing Campaign

You can see the all details of your phishing campaign using the Detail icon under the Action. Click on it and you will be redirected to the Report Manager page to see the phishing campaign details.

Please visit the Report Manager to see how phishing emails are reported and interpreted.

7.4. Scheduling a Phishing Campaign

The platform also enables scheduling the Phishing Campaigns. Go to Campaign Manager and click on the Edit icon .

Then, click on the ADVANCED SETTINGS, and here you will see the scheduling option.

Also, you can set the sending limit of the phishing campaign. If you choose 20, for instance, the system will send emails with 20 minutes invervals.

SMTP Delay:

SMTP delay helps to send emails with time intervals. For instance, if you choose the No Delay option, the system will send phishing campaigns without interval (1 sec). However, you can set it to send emails with 10 sec or 20 - sec intervals.

Sending Limit:

With this option, you have the ability to limit the email sending. For instance, by default Platform sends phishing campaigns to 20 users in a second. You can set it to 50 or 100 users. However, in this case, many anti-virus tools can alert and send campaigns to the spam folder.

8. FAQ (Phishing Simulator)

Q: Can I schedule a phishing campaign?

A: Yes, you can. Go to Campaign Manager and click on the Edit icon. Here, click on the ADVANCED SETTINGS, and you will see the Schedule option.

Q: Can I set the phishing campaign sending limit?

A: Yes you can. Go to Campaign Manager and click on the Edit icon. You will see the sending limit and SMTP delay setting here.