Question
Is it possible to clone a real website for my Data Entry Campaign?
Answer
Yes. A tactic commonly used by attackers is to mimic a legitimate website that prompts the user to enter their credentials into the fake website. Here is a step-by-description of how to use the feature.
- Create Data Entry Campaign
- From Selected Templates, Edit Template
- Select Message
- In field next to Clone Site, enter the full URL of the site to be cloned.
- Verify that the site was fully cloned
- Send the Campaign. The user will see the link to the cloned site
- When the user clicks on the link in the phish they will be taken to the fake cloned site where they are solicited to enter their credentials
Note: The user's password is never sent to the our servers
- When the user submits their credentials to the cloned web site they are instantly shown the Teachable Moment
- The user is marked as Compromised and we display the value entered for the user name
Cloning Modern Login Forms
Our page cloning tool collects raw HTML, and CSS, in an attempt to replicate the look of a web page. However, some web pages (like modern login forms) are dynamically generated and do not display HTML and CSS in a consistent way.
Note
- To prevent our cloned web pages being marked as phishing sites by third-party URL crawlers, Phishing expires the cloned site URL 45 seconds after it was clicked. Future clicks or multi-clicks on the phishing URL will display teachable moments, but not the cloned site.
- We have tested the scraping functionality on several popular web logins (e.g. OWA, Cisco & Juniper VPN, etc.). However given the wide array of web site designs, not all sites may clone properly. If you encounter an issue, please contact support.