This introduction will take you through every step involved in the creation and use of phishing sender profiles.
1. What is a phishing sender profile?
A phishing sender profile is the Email From and Display Name that a phishing email appears to come from. As this is one of the first things a target sees when receiving an email, it plays a critical role in the success of phishing simulations.
It's advised to consider how a sender profile may look when coupled with an email and website template, as targets often consider all three aspects of a phishing attempt before deciding to download a malicious attachment or click a phishing link.
To support this, the CanIPhish platform also allows our users to spoof sender profiles if a vulnerability exists in the way a particular domain has been configured (e.g. you can spoof email@example.com if wikipedia.org hasn't adequately configured its DMARC record). To check if any particular domain is vulnerable, run a scan using our Domain Tools.
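For domain owners who want to audit their own DMARC record, the sketch below classifies the TXT records published at `_dmarc.<domain>` by how strongly they are enforced. It is an added example, not CanIPhish's own validation logic; the function names and sample records are constructed, and it assumes "adequately configured" means a single record with `p=quarantine` or `p=reject` applied to all mail.

```python
# Added example: classify DMARC TXT records (RFC 7489) by enforcement level.
# Function names are hypothetical; the sample records are constructed.

def parse_dmarc(txt):
    """Return the tag/value dict of a DMARC record, or None if it is not one."""
    # RFC 7489: a DMARC record must begin with the tag v=DMARC1.
    if txt.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def assess(txt_records, subdomain=False):
    """txt_records: TXT strings found at _dmarc.<organizational domain>."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return "unprotected: no DMARC record"
    if len(records) > 1:
        # Receivers skip DMARC processing when several records are published.
        return "unprotected: multiple DMARC records"
    tags = records[0]
    policy = tags.get("p", "").lower()
    if subdomain:
        # sp= overrides p= for mail claiming to come from subdomains.
        policy = tags.get("sp", policy).lower()
    if policy not in ("quarantine", "reject"):
        return "unprotected: policy is monitor-only or invalid"
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        return "partial: policy applies to only part of the mail"
    return "enforced: " + policy

# Constructed sample records, keyed by a label describing the case.
SAMPLES = {
    "enforcing": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "monitor only": ["v=DMARC1; p=none"],
    "SPF but no DMARC": ["v=spf1 -all"],
    "partial rollout": ["v=DMARC1; p=quarantine; pct=25"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(f"{label:18} -> {assess(records)}")
```

A result of "enforced" only describes the published policy; a message still has to fail SPF and DKIM alignment for the receiver to apply it.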
2. Sender profile functionality deep-dive
Sender Profile Page Options:
- New Profile: A single-page profile creation popup. Designed for speed and efficiency.
- Update Profile: Provides the ability to view and update the back-end configuration used to create the profile (e.g. display name, from address, from domain, spoofed domain, etc.)
- Delete Profile: Provides the ability to delete a profile.
Sender Profile Setup/Update:
- Profile Name: The name given to the sender profile
- From Display Name: The display name that the phishing email appears to come from (e.g. the display name may be 'Desktop Support')
- Domain Selection: If you've set up your own third-party mail server, you can choose to use your own domains as part of a phishing simulation. If you wish to utilise this functionality, select "Bring my own domain"; otherwise, proceed with the default selection of "Use a CanIPhish domain".
- Spoof Domain: A checkbox indicating whether or not you want to attempt spoofing a domain. This will alter the creation popup slightly and present an input box for the 'From Address' as well as a 'Validate' button. If a spoofed address presents a 'Spoofable' response when validated, then that address can be spoofed.
- From Address: The from address that the phishing email appears to come from (e.g. the from address may be 'firstname.lastname@example.org')
- Save Profile: Clicking save will save any changes made to a sender profile
3. An Example Sender Profile
The below image shows an example phishing email which incorporates the 'From Display Name' in the email preview of a target's mailbox. Accordingly, it is one of the first things a user sees and is hugely important to the success of a phishing attempt.
When a user clicks into the body of an email, they can dig into more detail, and they see the following information pulled from the 'From Display Name' and 'From Address'.