Table of Contents
Mail communication issues
There are many reasons for mail communication errors. Example: In Compliantly mails appeared to be sent to your recipients. But mails never arrived or arrived very late. There a few issues to check:
Did you use a mail address with a domain that points to a different MX record? If you use [email protected] as an example for the sender most mail servers will block that mail since Compliantly is not the official mail server for this service.
Did you use a valid recipient address? If you uploaded a recipient like “[email protected]_does_not_exist.com no mail will arrive since there is no mail server for the domain domain_does_not_exist.com”
Mail might have been rejected at the recipient mail server because many mail servers reject mails from a server, that has no valid MX record. You would see the status within Compliantly in the error log.
Did you define your own company domain as a sender? Example: you try to phish your employees with the domain mycompany.com, which actually is the official domain for your company? Problem is: there might be a DNS record (example SPF) that defines, which mail server is allowed to send mails on behalf of this domain. If such a record exists your mail server will deny mails coming from a different server using this domain. The solution here: if you still want to perform a phishing test with a domain like the one from your company we recommend reserving a similar domain like “my-company.com” or place a typo in there like “myconpany.com”. Most users won’t recognize the difference and you have an additional feature to test the awareness.
Compliantly says “mail test failed” when I start a campaign
To make sure mails arrive we recommend defining a test mail recipient and conducting a test run. If the mail does not arrive you can contact us, and we will help you.
Mails may arrive delayed
This is usually not caused by Compliantly. If we cannot establish an SMTP connection we won’t retry for many hours. This is easy to verify: Compliantly tells you if all mails have been sent. Usually this is done within seconds or minutes and can also be tracked with Wireshark or similar tools. So if all mails have been sent then technically there is nothing left for Compliantly to do to accelerate delivery. So in over 95% of cases the process of delivery takes less than a minute. In a few cases the message could take as long as 5 days to complete its trip from sender to recipient. It rarely takes more than 5 days, as one of the SMTP servers will send the message back as undeliverable. And yes, the e-mail that contains the error message could take 5 days to get back! You also have to remember that there is a lot of software and hardware in between that your email has to pass through to get from the point of origin to its destination. Whether is server hardware, software, routers, switches, copper or fiber optic cables, power grids, or even your own computer, there are many potential points of failure along the way. If any one of these has an outage or is overloaded, a delay can occur.
Exe Collection Data: Compliantly cannot see any data from users that clicked on the executable
Is the Exe running on Win7/Win8 with Internet Explorer? If not it won’t work (e.g. if it gets executed on a MAC or Linux Host). We support Mozilla Firefox too. But there might be issues depending on the browser settings.
Can you reach Compliantly from the internet via HTTP or HTTPS? If not the tool also won’t be able to save the data. Make sure the DNS resolution works and the according firewall port mappings are set.
Malware Simulation: The Malware sample gets “detected/blocked” by my Antivirus
It is very unlikely that the file is classified as a virus since we don’t simulate any virus behaviors (we don’t do any changes on the system). But we noticed that certain vendors have a category like “suspicious. insight” or “unknown”. Basically it gets classified comes from an unknown source and there is no record of this file in the internet. As a result any unknown software would be put in this category.
Recipient Statistics: a user has accessed Compliantly for example with MAC OS & Safari but in the browser and OS stats it says for example Windows /IE
This could happen if the access over the internet from the client is going over some gateway (proxy, content filter etc.). Compliantly might only see the connection details from that gateway.
Statistics Page: I see way more page views than send out mails
It is possible a user forwards the mail or clicks on the same link more than one time
It is possible the user re-visits/re-fresh's the page
Page views are always higher than the amount of mails sent since each page (login page, account page or refresh of the browser counts as a page view).
Statistics Page: I see way more link clicks than send out mails
There are circumstances where automated SPAM filters on a mail gateway will first visit and test all the links before sending out the mail. Compliantly records those links as visited, even though the mail might not have arrived at the user yet.
Running a Campaign: the link does not work anymore
After starting your campaign the users will get a randomized URL send via Mail that might look like this: Users will get some random link send within a campaign that might look like this: https://phishing.compliantly.com/a5b371863fc2d6b5e2bf2bc2199597135f3db17c9a9194247002ae86e24c75ff. This is a system generated link that cannot be altered! Each user gets a different link. In case you changed the link in the mail manually it won’t work.
Another reason why the URL is not reachable anymore is when the campaign is stopped. Only when it is started the URL will work.
Running a Campaign: It takes me automatically to the “authenticated” account page when I click on the URL in the mail
This means that you have already clicked on that URL in the mail before and authenticated. As an authenticated user you will have a session cookie stored in your browser which takes you automatically to the authenticated page. This is intended since we don’t want users to authenticate twice. By deleting your browser cache you will get to the login page again after clicking on the link in the URL
I ran a campaign with a test group, modified the templates and wanted to run it again. But mails then are not sending out to the same group again.
To solve this you simply need to stop the campaign, delete the recipient group, then add the same recipient group again and start the campaign again.
Infrastructure Issue: Links in mails in my company cannot be opened
You might not allow direct access to the internet via a web browser. Instead, you might allow access to the internet using a physical different PC or a different infrastructure (e.g. accessing the internet via Citrix etc.). As a result a link sent in a mail can’t be opened). The only way to conduct a phishing attack in such an environment without having the user to type a long randomized URL into a different system is by setting a directory within the URL manually. This can be done within the recipient file. There is a variable which you can set called “Link” – a unique link part for the landing page. If you specify this, please make sure it is unique across all recipients in the scenario and does not contain any special characters. If you skip this, the link will be generated automatically. You can choose a simple name for a link for a group of recipients (keep in mind that you can upload different recipient groups per scenario). Recipient group 1 could look like this:
Recipient group 2 could look like this:
The user from Recipient group 1 would then receive a link to your campaign which he can remember easily (and therefore manually type in a different browser) like http://your.phishing-domain.com/USA. The user from Recipient group 2 would get a link like http://your.phishing-domain.com/Switzerland.
When you perform a test run with your campaign the SPAM check hangs
The SPAM check will verify over 200 online DB's. This takes at least 10-15 minutes for this check to be finished! The SPAM check is optional and not enabled by default.
No time statistics are tracked (including recipient scenario and awareness time) when using Google Chrome
Google Chrome (version 81.0.4044 and newer, for Windows) blocks tracking the time spent on the page.