Click campaigns: lightweight phishing simulations to train people

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Phishing

Click campaigns are now available on Arsen!

When setting up a phishing campaign, you can choose between Credential Harvesting or a click campaign.

What is Credential Harvesting?

In a credential harvesting training campaign, if a participant clicks on the link, they will be redirected to a fake landing page to enter their login credentials. By doing so, they compromise their account. If this were a real attack instead of an exercise, the consequences could be very dangerous.

The participant who provides their credentials will then be redirected to an awareness page that replays the email, but with different clues that should have raised suspicions.

The Benefits of Click Campaigns

In a click campaign, the participant is directly redirected to a redirection page for evaluation purposes, or to the awareness page for training purposes. Unlike the credential harvesting campaign, there is no landing page to collect login credentials.

If you select "click evaluation campaign" when setting up your campaign, the participant will be redirected to a legitimate site after clicking on the link in the email to avoid them realizing it is an exercise.

These phishing tests allow for shorter campaigns and focus on detecting threats directly within the email. Moreover, these exercises do not go as far as collecting credentials. They can have a greater impact on the company culture and avoid frustrating participants who will have a lesser sense of being "trapped".

Key Takeaways from the Video:

In this video, you will learn:

  • The benefits of a click campaign
  • The difference between credential harvesting and a click campaign
  • The distinction between a training click campaign and an evaluation click campaign
  • How to launch a click campaign on Arsen

Don't miss an article

No spam, ever. We'll never share your email address and you can opt out at any time.