This introduction will take you through every step involved in the creation and use of phishing sender profiles.
1. What is a phishing sender profile?
A phishing sender profile is the Email From and Display Name that a phishing email appears to come from. As this is one of the first things a target sees when receiving an email, it plays a critical role in the success of phishing simulations.
It's advisable to consider how a sender profile looks when coupled with an email and website template, as targets often consider all three aspects of a phishing attempt before deciding to download a malicious attachment or click a phishing link.
To support this, the CanIPhish platform also allows our users to spoof sender profiles if a vulnerability exists in the way a particular domain has been configured (e.g. you can spoof support@wikipedia.org if wikipedia.org hasn't adequately configured its DMARC record). To check if any particular domain is vulnerable, run a scan using our Domain Tools.
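The page does not spell out what an adequately configured DMARC record looks like. As an added example (not CanIPhish's Domain Tools logic), the Python below classifies the policy a domain owner has published, using the RFC 7489 tags `p`, `sp` and `pct`; the category names and the sample records are assumptions constructed for the example.

```python
# Added example: offline classification of a DMARC TXT record (RFC 7489 tags).
# The category names returned by assess() are labels chosen for this example.

def parse_dmarc(record):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in record.split(";") if p.strip()]
    # RFC 7489: the version tag must come first and must be exactly DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            tags.setdefault(key.strip().lower(), value.strip())
    return tags


def assess(record, subdomain=False):
    """Classify a record as 'missing', 'monitor-only', 'partial' or 'enforced'."""
    tags = parse_dmarc(record or "")
    if tags is None:
        return "missing"
    policy = tags.get("p", "none").lower()
    if subdomain:
        # sp overrides p for subdomains when it is present.
        policy = tags.get("sp", policy).lower()
    if policy not in ("quarantine", "reject"):
        return "monitor-only"  # p=none asks receivers for reports only
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100  # an unparsable pct falls back to the default of 100
    return "enforced" if pct >= 100 else "partial"


# Constructed sample records (not taken from any real domain).
SAMPLES = {
    "reports only": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "weak subdomains": "v=DMARC1; p=reject; sp=none",
    "partial rollout": "v=DMARC1; p=quarantine; pct=25",
    "no record": "",
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(f"{name}: domain={assess(rec)} subdomain={assess(rec, subdomain=True)}")
```

Anything other than 'enforced' for both the domain and its subdomains is a record worth tightening before relying on it to stop spoofed From addresses.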
2. Sender profile functionality deep-dive
- Sender Profile Page Options:
  - New Profile: A single-page profile creation popup. Designed for speed and efficiency.
  - Update Profile: Provides the ability to view and update the back-end configuration used to create the profile (e.g. display name, from address, from domain, spoofed domain, etc.).
  - Delete Profile: Provides the ability to delete a profile.
- Sender Profile Setup/Update:
  - Profile Name: The name given to the sender profile.
  - From Display Name: The display name that the phishing email appears to come from (e.g. the display name may be 'Desktop Support').
  - Domain Selection: If you've set up your own third-party mail server, you can choose to use your own domains as part of a phishing simulation. To use this functionality, select "Bring my own domain"; otherwise, proceed with the default selection of "Use a CanIPhish domain".
  - Spoof Domain: A checkbox indicating whether or not you want to attempt spoofing a domain. This will alter the creation popup slightly and present an input box for the 'From Address' as well as a 'Validate' button. If validation returns a 'Spoofable' response for an address, then that address can be spoofed.
  - From Address: The from address that the phishing email appears to come from (e.g. the from address may be 'support@securecloud.com').
  - Save Profile: Clicking save will save any changes made to a sender profile.
3. An Example Sender Profile
The image below shows an example phishing email which incorporates the 'From Display Name' in the email preview of a target's mailbox. It is one of the first things a user sees, so it is hugely important to the success of a phishing attempt.
When a user clicks into the body of an email, they can dig into more detail, and they see the following information pulled from the 'From Display Name' and 'From Address'.