The Phish and Drop campaign type measures whether users enter information on a fake login page after clicking on a fake link within an email and then download and execute the malicious software found on the redirected page, completing the phishing process.
- Select the Phish and Drop type from the phishing campaign types.
- Set the name and language of the campaign you want to launch.
- The Use recipient’s language preference option works the same as in the previous campaign types.
There are three options under the Entires to Store section:
- All: All information entered by the user (e.g., username or masked password, etc.) is recorded. All entered information can be viewed in detail during and after the campaign. Passwords are recorded by taking the first character, and the rest is masked according to the password length. User passwords are stored in the database with the first character visible and the rest masked (e.g., 7*). The password strength is also checked and reported as Strong/Normal/Weak.*
- None: No information entered by the user is recorded.
- Non-Masked: Only unmasked information is recorded. For example, if no encryption is applied to details such as username, email, or phone, this information is recorded. Passwords are not recorded.
The Validate password at local directory option checks the AD password when the user is phished if the user is transferred to the application via AD.
