The Attached Data Entry campaign type measures whether users download and execute malicious software attached to an email and then enter information on a fake login page, completing the phishing process.
- Select the Attached Data Entry type from the phishing campaign types.
- Set the name and language of the campaign you want to launch.
- The Use recipient’s language preference option works the same as in the previous campaign types.
There are three options under the Entries to Store section:
- All: All information entered by the user (e.g., username or masked password, etc.) is recorded. All entered information can be viewed in detail during and after the campaign. Passwords are recorded by taking the first character, and the rest is masked according to the password length. User passwords are stored in the database with the first character visible and the rest masked (e.g., 7*). The password strength is also checked and reported as Strong/Normal/Weak.*
- None: No information entered by the user is recorded.
- Non-Masked: Only unmasked information is recorded. For example, if no encryption is applied to details such as username, email, or phone, this information is recorded. Passwords are not recorded.
The Validate password at local directory option checks the AD password when the user is phished if the user is transferred to the application via AD.
