
Proofpoint: Using a Blind Phish

Question

What is a blind phish and when would I use it?

Answer

A Blind Phish allows you to measure your users without making them aware of the phishing assessment you are conducting. The main technical difference between a Blind Phish and a Simulated Phish is the landing page: a Blind Phish uses a landing page that the user would expect to see after taking the bait, whereas a Simulated Phish lands the user on a Teachable Moment.

Organizations typically send out blind phishing campaigns at the start of their awareness program to obtain a baseline. This is sometimes done prior to or around the same time the organization announces the Security Awareness program.

When sending a blind phish, select a Teachable Moment that will not alert the end user to the fact that they received a simulated phish.

You can customize your own blind phish template or filter to our error messages upon campaign creation.

Important Considerations:

  • A blind phish is most often the first user interaction when rolling out a new user awareness training program.
  • It is usually sent before any user communications are performed.
  • As such, Proofpoint recommends that you carefully choose your phishing templates for such blind phishing tests.
  • The Teachable Moment of a regular phishing simulation contains an acknowledgement and instructions not to contact the company that is named in the template.
  • However, with a blind phish test, the users will not see this.
  • If the template is too compelling, the user may reach out to the company in question and create an issue for that company or for the user's own company, resulting in unwarranted alarm.
  • Therefore, Proofpoint recommends relatively generic phishing templates to be used for this purpose.
  1. Carlos Rios
