How to enable and run Slack phishing (Beta)
Please note that this is a Beta feature that is still in development, it is expected that there will be some bugs or functionality issues at this time.
Enabling Slack Phishing
- Login to your CultureAI admin platform
- Head into your Slack integration
- Click the "More" drop down
- Select "Phishing Settings"
- Click the "Enable Phishing" toggle
- Set your desired phishing frequency
- Choose if you'd like to store messages that your employees send to the phishing bot to view later
Disabled - No replies will be stored
Track unrecognised responses to all messages - Any replies that the bot gets, that you don't have a response configured for will be stored for you to view
Track unrecognised responses to all messages that have replies configured - Any messages that the bot gets that you do have replies configured for, will be stored - Slack phishing is now enabled!
Setting phishing conversations
CultureAI has a few pre-made phishing conversations already set up. These are the messages the phishing bot will send to try and phish your employees. You can create your own custom messages, send some to yourself as a test, and disable any that you don't want to use
- Click the "More" drop down in Slack
- Select "Phishing conversations"
- Click the "Send to me" button next to a conversation to see what it would look like Slack
This will send you a message from the Slackbot, the "real" phishing conversations will not come from the Slackbot. - Click the "Replies" button to view the replies that bot will send to employees if they interact with a message
- If you want to add in more replies, click the "Add reply" button
Creating your own phishing conversations
- Click the "Create new" button in Phishing Conversations
- Select the Target Channel
- Select the impersonation mode
Any of the "Random" options, will select a random user that is, or was at one point, within your Slack environment. The "Generated" option will make a fake user, that isn't actually within your Slack - Create your message, you can add in links for your employees to click from the "Merge Tags" section
- One you're happy with your message, click "Save"
- You can test out how the message looks by clicking "Send to me" please note that these are not interactable. If you reply to the message, nothing will happen
- Add in some replies to the bot message by clicking "Replies", none will be set if you do not create them
Cross Conversation Replies
You can set up some standard replies for you phishing messages, that will apply to all phishing bot conversations.
You set these up the same as the replies in step 7 above.
Phishing scenarios
CultureAI comes with a few pre-set links that your employees can click on. You can add more, or customize some of them.
If you'd like to alter the "HR Portal" link, you can use your own HTML to create a page. Currently, we have it set to look like BambooHR
You can create your own links by clicking the "Create New" button, and setting something up like the below;