How to create your own Data Entry forms
Many of Phishing Tackle's pre-made email templates come with built in links to landing pages which ask your recipients to enter sensitive information.
DO NOT COMPLETE WITHOUT READING THIS
Unless Credential Reuse (found in Organisation Settings) is specifically enabled (it is DISABLED by default), Phishing Tackle DOES NOT record any data entered by the recipient. Nothing is stored on our servers, nor anywhere else. Furthermore, the information entered by the recipient is not POSTed in the form submission.
How does it work?
-
-
If/when one of your recipients clicks on a link within a simulated phishing email, they will be redirected to a custom landing page with a form on it that asks for sensitive data from the recipient. When they submit the form, they will be redirected again to a page telling them they have failed the test (or indeed any other page you wish them to see after entering their data). We record the fact they clicked, and the fact they entered their data, we just don't record the data itself.
-
Working with the pre-made email templates
-
-
- Included with the Phishing Tackle platform are several pre-made templates intended to encourage the recipient to enter sensitive data. In step 5 of the phishing campaign wizard (Email Content), when selecting "...Email Template Tags to INCLUDE..." choose "Data Capture". This Tag is linked with all the email templates and landing pages which encourage recipients to enter sensitive data. You can choose a specific template or select a random set to avoid recipients catching on.
-
Creating your own email template - Prerequisites
-
-
-
-
To encourage recipients to give up sensitive data, you will need the following:
-
An email template containing a link for the recipient to click.
-
Preferably one that suggests Logging In or Entering data.
-
-
A landing page with a form for the recipient to fill in.
-
A second landing page for the recipient to be redirected to after entering their data.
-
-
-
-
Creating the landing page
- This is the page containing the entry form for recipients' sensitive information. Create one by going to Templates > Landing Pages under PHISHING on the main menu, then click ADD NEW TEMPLATE
- Enter in any text into the page, but remember you are trying to trick recipients into giving up their sensitive data
- Click Source
- Input this code, making any adjustments you see fit:
-
<form id="loginform" method="post" name="logonForm">
<input id="uname" name="uname" placeholder="Enter your User Id" type="text" />
<input id="password" name="password" placeholder="Password" required="" type="password" />
<button id="sign-in" ></button>
</form>
<script>jQuery(function($) {
$('#loginform').submit(function () {
var txt = $('#password');
txt.val("*******");
});
function display(msg) {
$('<p/>').html(msg).appendTo(document.body);
}
});
</script>
-
- You can also use placeholders to create a more personalised feel. Our full list of placeholders can be found here: Email Template Placeholders - What they are and how to use them.
- As with all custom templates, we recommend giving them a memorable Tag to make them easier to find in future phishing campaigns.
Adding the final landing page (optional)
-
- After the recipient has entered their data, you may wish to redirect them to a final landing page.
- The landing page can be any page you choose (except for "Alarm Bells" landing pages), including other landing pages within the Phishing Tackle platform.
- If you so wish you can chain landing pages together, leading the recipient down a more extended phishing path.
- See our full article surrounding redirection pages here: How To Redirect To a Genuine Web Page From a Simulated Landing Page
TEST YOUR TEMPLATE (seriously, test it)
-
-
-
- Remember to always test your campaigns to yourself or a small group of recipients before using it in full circulation, ensuring there are no mistakes and that everything works as it should.
-
-
Should you require any further assistance with this article, or any aspect of our platform, please contact support.