Every landing page is different, some are designed to coax recipients into clicking a link, some ask for data, some educate the recipient with alarm bells and useful information, some...well some are like this.
Whatever landing page you choose to be at the end of your phishing campaign, know that they all have the ability to influence the recipients, and how they react to your phishing test.
We will outline the 3 most common ways of choosing a landing page below, with the rationale behind each choice.
- Educate - These landing pages let a user know they have failed a phishing test, for example, our default "Alarm Bell - Whoops" landing page.
One benefit of using a page like this is it produces a low number of enquiries to your support desk as the recipient is fully aware of what has taken place. When using this or similar landing pages, avoid sending it to all recipients at once, as they will quickly spread the message and get wise to the campaign underway, distorting accurate results.
- Go unnoticed - A totally innocuous landing page, such as the "404 Error Page" or "Website cannot be found". These pages raise very few alarms as recipients often assume they have simply clicked a broken link. As such, few recipients will communicate with each other regarding the phishing campaign and the campaign results are often more accurate than with other campaigns.
Something to be aware of when using these pages is your support desk is likely to be contacted more frequently, especially if the email linking to the landing page carries company logos/colours.
One way around this is to use email templates unrelated to the company, or, if company branding is preferred, you can create your own landing page which asks recipients to "disregard the email that brought them here as the problem is now resolved", anything that calms the recipient and reduces panic will help maintain the most accurate campaign results.
- Test data protection - Fake authentication pages for the likes of Microsoft 365 (formerly Office 365), LinkedIn or other commonly-used login portals can be linked to the real page upon data submission. This is one of the most common ways hackers gather user data.
This is a more advanced approach to simulated phishing as it shows 2 layers of security awareness, those who click the initial link, then those who also enter the data within the fake form. Landing pages can be linked into chains which test recipients' online awareness and provide detailed insights into the strengths and weaknesses of your organisation's cyber security.
PhishingTackle comes pre-loaded with many customisable Landing Pages, or you can create your own for a truly bespoke campaign.