The Phishing Reply-To Tracking feature will allow you to run phishing campaigns that will test your users with simulated phishing attacks while also tracking to see if they respond to cybercriminals. Companies will also be able to see the user’s response to these attacks.

Having the ability to track Business Email Compromises (BEC) will help companies spot this type of scam and allow them to deploy the necessary employee training and awareness to lower their risk.

In the Template Library, you’ll see a new category of phishing templates named Email Reply Templates that are designed the mimic Internal Company Emails and will test if your employees interact with the bad actors sending nefarious phishing emails. We have created a category of system phishing templates called Reply-To Online which are specifically designed to test whether users will interact with “the bad guys” on the other end.

The Phishing Reply-To Tracking feature will also work with all of PhishingBox’s existing templates, as well as any templates that you create or modify.

How to Use This Feature

In our Template Library, you’ll see new templates with titles that start with "Business Email Compromise" which are designed the mimic Internal Company Emails and will test if your employees interact with bad actors sending nefarious phishing emails.  The ‘Phishing Reply-To Tracking’ feature will also work with all of PhishingBox’s existing templates, as well as any templates that you create or modify.

Step 1:

When editing a template, in the Email Settings portion, click the Track Reply-To button. This option is turned off by default for all templates not marked “Business Compromise Email.”

Step 2:

Click the Select Outgoing/Incoming Server link located under Mail Server Settings directly under Track Reply-To Button.

• Note: to fully utilize 'Reply-To Tracking' you will only need to configure ‘Incoming Mail Server’ settings. Leave the ‘Outgoing Mail Server’ information blank unless you’re utilizing this feature as well.

Step 3:

Outgoing Mail Server (SMTP): Make sure all these fields are left blank unless you’re utilizing this feature.

Incoming Mail Server (IMAP): Make sure all of this information is properly filled out.

Step 4:

Click the Test Settings button to confirm everything is working properly.

If you are running into any issues, please verify that your Incoming Encryption, Port, and Password Settings are correct. Please contact support@phishingbox.com if the problem persists.

Step 5:

Once everything checks out. Click the confirm button.

Step 6:

In the Email Setting portion of the template, you need to make sure that the 'Reply-To Email' listed here matches the ‘Reply-To Email’ that you listed in the ‘Mail Server Settings’ of the ‘Incoming Mail Server’ setting that you just configured.

Step 7:

For mail settings to take effect you must Save the template.

Where Do I Review the Content of User’s that Reply to These Emails?

When viewing a Campaign’s Full Report, under the Individual Actions section, you’ll see a box that says, View Reply. Click this button to view the user’s reply.

• Note: We only track the first reply from your user in the reports and in the PhishingBox Portal. It may also take up to 30 minutes for the email content to show up in the Report section.