Credential phishing attacks are commonly used to impersonate a brand. Typically, the phishing email will include a link to a website that will attempt to capture the victim's credentials. This method of phishing practices stealing a person's identity through their email address and password by masquerading as a known brand, entity, or person.
Note: When setting up a credential capture page using the Phriendly Phishing portal, users are sent to a secure domain owned by Phriendly Phishing where no credential information is saved.
How to Include Credential Capture in an Email Template:
1. Go to the Email template tab and select an email template. Open the email template creation page select Credential Capture > Set up credential capture.
Note: Instructions on creating a new email template can be found here
2. Complete the information below required to setup credential capture.
Target URL - The login page you would like the credential capture to mimic
Sub Domain - To make the URL look more legitimate
Base Domain - Select from 15 different domains owned by Phriendly Phishing
Path - To make the URL look more legitimate
3. You can preview the link by selecting View page.
Note: All required fields must be filled (marked by a red *) and you must save the draft in order to activate the preview link, otherwise you will receive a 404 error.
4. Insert the credential capture token into the email body.
5. Share the template with your zone.
6. Once completed, you have the option to Preview and Test, Save, and Publish the template.
Note: When testing this template using the Preview and Test feature, the credential capture link will redirect you to our Phriendly Phishing simulated link landing page. This is because the template needs to be populated with an active user token in order to redirect a user to the credential capture page. When sending this template using the learning paths, users will first be directed to the credential capture page before being sent to the micro lesson.