Jump to:
Why would you want to simulate a 'silent' credential-harvesting attack?
How do I redirect to a genuine page from a simulated landing page?
Introduction
Hackers often employ a technique whereby after stealing a victim's credentials (from a genuine-looking but fake landing page) they redirect them to the real page so as not to raise suspicion from the victim.
This allows attackers to go unnoticed for much longer during 'silent' credential-harvesting campaigns.
The Phishing Tackle platform allows you to replicate such attack techniques which we will explain below, but first you may be wondering why?
Why would you want to simulate a 'silent' credential-harvesting attack?
If you don't actually plan to steal your users' credentials (which of course we don't condone nor allow within our T&Cs), it might seem unnecessary to redirect to a genuine page after a data capture page (akin to "hiding your tracks").
There are two main reasons you may wish to use this technique:
You want to test your users' understanding of your organisations policies
All organisations should have policies in place for users should they believe they have been party to a cyber attack or potential data breach.
This could be by way of contacting the IT or Security team, informing them of the potential breach, or it could involve filling out a potential breach form.
Whatever policy your organisation uses, this type of simulation puts the responsibility of reporting in the hands of the user, rather than the campaign telling the user where they've gone wrong. They are being tested as to whether they notice something is not right, then whether or not they follow the correct procedure accordingly.
All the admin needs to do to understand which users have correctly followed organisational policy is check which users have entered data during the campaign and compare the results with which users have reported the potential attack. See Reviewing a Phishing Campaign for information on how to do this.
You want to find out how many of your users are reusing credentials
While this is not the only way to test for credential reuse, it is exactly how many hackers would go about a genuine credential-harvesting attack.
If you are actively monitoring credential reuse, this type of attack allows you to run multiple campaigns to your users and measure which users reuse their credentials without alerting them to the test.
In doing so, you are better equipped to decide which users are in need of additional training surrounding password hygiene.
How do I redirect to a genuine page from a simulated landing page?
The process is very simple, all we need to do is create the link to the genuine page then adjust the Redirection page setting on the simulated landing page we wish to use, explained below.
Create the genuine link page
-
- Navigate to PHISHING > Templates > Landing Pages
- Click ADD NEW LANDING PAGE TEMPLATE
- Give the landing page a useful Description
- Click Source and copy the following single line into the editor, ensuring to change the URL (in bold below) to your desired link.
- <meta http-equiv="refresh" content="0; URL='https://www.microsoft.com/'" />
- Note: Ignore the Redirection Page setting at the bottom of the page, this is irrelevant for this landing page.
- Hit SAVE
Redirect the fake landing page to the genuine page
- Open the template editor for the data capture landing page you want to use (in this case we want to use the Microsoft 365 login page and have created a second version called "Silent Harvest")
- Within the editor, change the Redirection Page to the page you created in steps 1-5 and hit SAVE.
Now, when this landing page is used within a phishing campaign, any recipient that enters details into the above landing page will be redirected to the genuine page you specified.
NOTE: This will only work on landing pages with submit forms.