How do I prepare for an internal phishing campaign with ConcealBrowse? How do I prepare for an internal phishing campaign with ConcealBrowse?

How do I prepare for an internal phishing campaign with ConcealBrowse?

Question:

I want to set up an internal phishing campaign for my organization while still using ConcealBrowse, how do I prepare for this to make it successful?

 

Answer:

Conceal is always ready to help you prepare for a phishing campaign in your organization. We have some preliminary steps we suggest taking before going live.

 

  • Before launching your phishing campaign you will want to add the sites and domains you're using to an allow policy in the Conceal dashboard in order to stop Conceal from isolating the site.
  • You can do this by one or bulk upload via a .csv file. Below we will outline both methods as well as outlining single tenants and global policies for multiple tenants.
  • An asterisk(*) is a wildcard symbol that stands for any amount of letters or characters in your URL. You can use these in your URL to capture all subdomains. If your policy is not working as intended, please try this method, CIDR notation doesn't always work.
    • Example: The entry https://jukpmawry6/* will allow the site https://jukpmawry6/ and also any subdomains such as https://jukpmawry6/login/

Please refer to the How to implement policies in the ConcealBrowse dashboard for more on auditing changes in the Policy section. 

 

*Never hesitate to contact your Customer Success Manager for any questions or concerns. You may also open a support ticket at support.conceal.io by scrolling to the bottom and clicking Submit a request.