In this article, we guide you on how to create and analyse a USB Campaign. These campaigns are necessary for showing us how employees react when finding an unknown USB drive.
1. To create a new USB Campaign, select the New Campaign button.
2. Enter the details required and click CREATE CAMPAIGN to create that campaign:
3. Let’s do an example:
4. On the confirmation that pops up, click OK.
You should get the following output:
5. Click on Go Back to return to the default page of the USB Campaign.
6. To delete the campaign, just click on the trash can button:
7. You should receive a message, essentially asking you to confirm your action. Click Delete Campaign or Cancel accordingly.
8. If you have selected Delete Campaign, you will then be prompted with a confirmation. Click OK to resume.
9. The following documents are downloadable and contain various payloads responsible for providing us the intended information upon the success of the campaign:
10. Click on any of them to download. In this case, we downloaded all 4 types of files:
11. Let’s take for example the Word file. Right-click on the file and select Properties:
12. On the properties, tick the Unblock box.
13. Click OK to apply the changes.
14. Repeat this exact procedure for the rest of the files (Excel, PDF, PowerPoint).
15. Go ahead and store either of these 4 files in a USB so they are ready for distribution.
16. Now, it is finally time to start the campaign. To do that, click on the Start Campaign button.
17. On the prompt that pops up, select Start Campaign or Cancel accordingly.
18. Click OK to finalise.
19. You can view more than 10 entries in a single page by clicking on the drop-down list:
20. To pause the campaign, click on the Pause Campaign button.
21. Select Pause Campaign to confirm your actions or Cancel to step back.
22. Click OK to continue.
23. When returned to the campaign window, resume the campaign by clicking on the indicated option of the following screenshot:
24. Click on Resume Campaign to confirm or Cancel to negate the process.
25. Select OK in order to proceed.
26. Beginning with the Word file, let’s examine what should a user do in order to enable these payloads and what would the result be.
27. For the action to be received, the target user should open the file and select Enable Content.
28. The target user will now be prompted with this ok. message on their browser:
29. In case of the Excel file, the user should go ahead and open the file. When it opens up, they must select Yes on the following prompt:
30. Following up with clicking on the EnableContent button:
31. They will be prompted with this ok. message on their browser:
32. Alternatively, if they open the PowerPoint file, they must choose the Enable content for this session option and click OK.
33. They will be prompted with the following Thank you message on the PowerPoint file as well as the usual ok. message on the browser:
34. Finally, if they open the PDF file, they should press OK to allow the permissions:
35. Once again, they will be prompted with the ok. message on the browser:
36. Assuming that the user opened up and interacted with any of the files, we should expect a similar output to the following:
All the information is provided accordingly, but for security purposes, they are hidden in these images.
37. From the Search recipient button, we can denote a user that was identified as prone to the phishing attempt. In this way, she/he will be marked for future reporting and moderation under their respective organisation:
38. For demonstration purposes, we will mark 4 recipients from our list. You can click on Save or Cancel accordingly.
39. We chose to save the changes:
40. After the reception of results, you can click on the Complete Campaign button to terminate the procedure.
41. On the pop-up, select Complete Campaign or Cancel accordingly.
42. Click OK to conclude:
43. As we can see from the details, the campaign has been completed as expected!
44. As always, you may delete the campaign if you wish. Just click on the Delete Campaign button.
45. Select Delete Campaign to finalise your action or Cancel to abort.
46. Click OK to resume.
47. Since we’ve completed the campaign, it is no longer active but rather archived.
48. Click on Archived Campaigns to view the campaign.
49. We can see that it exists as an archived campaign with a Completed status.
50. To view the results of any campaign (either active or archived), select the button shown in the following screenshot:
51. To delete any campaign (either active or archived), click on the trash can button.
52. On the confirmation prompt that pops up, select Delete to confirm or Cancel to retreat.