Data Entry User Password Not Collected

Created by Abderrahim Ibnou el kadi, Modified on Fri, 11 Sep, 2020 at 8:33 AM by Jason Carreiro

Question

If a password is entered in a Data Entry Campaign, is that information retained?

Answer

Our Phishing program does not collect the user's password; just the user ID.   The way that our Data Entry campaigns work are: 

  • We clone the login page you specify 
  • We look specifically for the username field 
  • Our code searches for a form named login, userid, username, email, etc. We specifically DO NOT look for the password field.
  • When the user clicks the login button, only the username/email address portion of the login page is transmitted to the Phishing server. 

Our intent when we designed the feature was to ensure that the password never even leaves the user's web browser.