Security
LazyPhish implements several IT security measures to ensure that the tool is used only for testing purposes, on correct domains, and that test results cannot be misused.
Domains used for Campaigns
Any domain planned for use in a testing phishing campaign must be validated before use. This ensures that only domains under the control of their owner are used.
Our email can be traced by the IT department, and its experts can also report misuse through our service desk.
Only the email address of a domain owner who has the right to approve the use of the domain can be used for domain validation. This is typically the CISO or C-level management of a company. This legal action (approval) will be recorded in our systems. Any misconduct will be subject to legal action.
Please note that there is also a manual checking process. In case of suspicious activity, we have the right to immediately stop any campaign and lock the account that started a campaign on a domain without proper approval of the owner.
Domain Blacklist
LazyPhish uses a domain blacklist to block free mail domains, which cannot be used for testing phishing campaigns.
Sensitive Data
Credentials Submitted by Users in a Testing Phishing Campaign
We do not capture or store any credentials submitted by users. We store only the information that data was submitted.