Articles in this section

Create USB - CD Drop Files

PhishingBox offers a template for creating USB (or any local storage) drops that can be placed around selected locations. If a target picks up the storage device and loads a .html file and clicks a link that is on the device, then a clicked link action can be recorded. USB drops allow you to test your organization's vulnerability to potential device drop attacks. Follow the instructions below to configure a USB drop template.

  1. Create several aliases or actual emails on your email system with distinguishing names, such as location1@yourcompany.com, location2@yourcompany.com, etc. These emails will be used for each location where a USB/CD will be placed. We also recommend creating one additional email for testing to ensure the configuration works properly. 
    • NOTE: These are not emails for your targets, but emails that you are able to receive.
  2. Import these emails into a Group in PhishingBox.
  3. Create a social engineering test with these emails using the template named 'USB-CD-DROP'. You can find this template in the template library. Make any changes to the template as you see fit.  When a target clicks on the file in the USB or CD, they will be taken to the landing page just configured.  
  4. When the emails are received from the test configured in step three, copy the HTML body of the email and place it in a text file with a .html extension and upload the file to a storage device. You can name the file whatever you would like, but you need to keep track of where you place each file at the target site.
    • NOTE:  A file should be created for each unique email address.  Each email should be used for a specific location.  We also recommend creating at least one additional file for testing to ensure the configuration works properly.
  5. Place the devices at the desired physical locations.
  6. The actions of the target, such as opening the file, will be recorded.  However, the actions will not identify a specific individual.  In most cases, it will report the public IP address of the location where the file was accessed—as such, knowing which file was placed where is key to a successful test.  Depending on the security settings of the target's computer system, they may be warned about opening such a file.  If they cancel the opening of the file, no actions will be recorded.
Was this article helpful?
2 out of 4 found this helpful