Using a Blind Phish

Created by Antonio Ortiz, Modified on Fri, 11 Sep, 2020 at 8:33 AM by Jason Carreiro

Question

What is a blind phish and when would I use it?

Answer

A Blind Phish allows you to measure your users without making them aware of the phishing assessment you are conducting. The main technical difference between a Blind Phish and a Simulated Phish is the landing page. A Blind Phish includes a landing page that the user would expect to see after taking the bait, whereas in a Simulated Phish the user lands on a teachable moment.

Organizations typically send out blind phishing campaigns at the start of their awareness program to obtain a baseline. This is sometimes done prior to or around the same time the organization announces the Security Awareness program.

When sending a Blind Phish, select a landing page that the users would expect to see after falling for the bait, such as an HTTP 404 error page.