Note: Smishing Campaigns require credits, 1 credit is used per target.
E.g If you sent 1 Lure to 5 people this equates to the use of 5 credits, if you send 2 lures to 5 people this also uses 5 Credits.
SafeTitan provides two types of Smishing campaign strategies.
Simple Smishing campaigns
Simple or "Ad-Hoc" Smishing campaigns can be used for penetration testing or staff evaluation and baselining.
An Ad-Hoc campaign is a simple mock Smishing campaign delivered for the purposes of identifying and evaluating high-risk users (susceptible to a malicious Smishing attack)
Smishing campaigns with reactive training
Smishing campaigns with reactive training provide the ability to identify and evaluate high-risk users and automatically enroll these users in Smishing awareness training.
We recommend that administrators begin by creating and testing a simple (Ad-Hoc) phishing campaign.
We also recommend that your first simple phishing campaign should be sent to you only.
This will test email delivery success and allows you to become familiar with your portal.
To create a Smishing campaign please complete the following steps.
Step 1: How to create a create a Smishing campaign
To begin, select the 'Smishing Manager' main menu item followed by the 'Smishing Campaign' sub-menu item.
Smishing Manager
- Smishing Campaigns
- Smishing Text Templates
- User Feedback Messages
- C-Suite Settings
You are now in the Smishing campaigns list.
Note: On a new portal, this list will be empty
- Select "Create a new Campaign" to start the Smishing campaign wizard
- On start up of the wizard click 'next' to being creation
- Now you will be able to set up the campaign and template usage
- Publish Mode
- Normal Mode - One template sent to all recipients simultaneously at publication time.
- Batch Mode - One template sent to all recipients at different times over a selected time period beginning at publication time. Recipients will receive their email at different times thus reducing a "tip off" effect.
- Burst Mode - Multiple templates sent to all recipients at different times over a selected time period beginning at publication time. Recipients will receive different templates at different times further reducing a "tip off" effect.
- SMiShing Type & Complexity
- Type - You can chose between Home and Personal, Business, attachments and C-Suite will be available once C-Suite information has been populated, Click here to find out how
- Complexity - With this you can decide how complex(Real) the template will appear.
- Template -
- Here you can decide the template you would like to send and preview below
- Publish Mode
Step 2: How to Configure campaign details
You can now configure your campaign in the Smishing campaign details form. The following configurable items exist.
1. User Feedback Message
Here you will be able to select the message the user sees if they click the link in the SMS. Preview of this is available.
Note you can create your own under Smishing Manager > User feedback Messages
2. Campaign Name
The campaign name is needed to identify and refer to the campaign in future. This is an editable field that contains a default name consisting of the template name + date/time stamp.
3. Campaign description
This is an editable field that contains the name of the email template by default.
4. Targeted Groups
Here you can add the groups or departments you wish to receive the phishing email.
Note as Smishing uses credits ensure the users mobile numbers are stored correctly
5. Locale
This is used to select the SMS content language.
6. Override user's default locale
When setting up a new user, they are given a default language. This option allows you override each users locale and force the email to contain the language selected in option 5 (Locale) above.
7. Create Reactive Training
Select this only if you wish to prepare a reactive training campaign. Reactive campaigns auto enroll users in training depending on if they clicked the link in the SMS.
8. Is Test Campaign
This will allow you to configure the campaign as a test so that the results are not recorded and company statistics are accurate to mock Smishing attempts.
.
Step 3: Scheduling your campaign
When scheduling a Normal campaign you will be asked only to populate a Publish Start, if you are creating a Batch or Burst mode, you will have the addition of a End date.
- Publish start: This will be the date and time your campaign starts publishing(SMS sending) and must be set to a minimum of 1 hour from your current time.
- Publish End: This is only used for Batch and Burst modes where it will set the time of when to step sending further texts, so it will space the SMS out within this time to the number of users you have targeted. This date and time must be set to a minimum for 1 hour from your start date and time
Step 4: Template Modifications
Here you will be able to create a custom sender name of the SMS, This is who the receiver will believe the Sender to be.
Note: Spaces will cause the Email to not send.
Step 5: Configuring Reactive Training
Here you will be able to decide the training you want to send out if configuring a reactive training.
- Name - This will be the name shown in your training campaign overview screen.
- Training - You will be able to select from Phishing awareness interactive training or video Training Topics
- Training Video - If you selected Video training topics, you will be able to select a training video to be assigned
- Assignment Template - Will be the template sent to notify of the assigned training.
- Reminder Template - Will be the template sent to Remind of the assigned training.
- Completion Template - Will be the template the user receives for course completion.
- Criteria - Here you will be able to specify what action conducted on the mock phish you want to sign up to training by turning on one or multiple triggers.
Step 6: How to submit a Smishing campaign.
On the Campaign Summary screen select the "Submit" button to proceed or "Cancel" to exit the wizard.
On the next screen select the "Close Wizard" button to exit the wizard.
Note: Once you close the wizard the requires will be deducted from your portal (1 credit per Target)
Step 9: How to view a Smishing campaign.
You are now back in the Smishing campaigns listing table where you will now see your first "Unpublished" Smishing campaign.
Using the drop-down actions menu to the right of the unpublished status you will find the following options.
Details
Selecting this option you will be able to see and overview of the campaign
To the right of the details button, you will have drop with quick actions.
Quick Actions
Edit - If the campaign is unpublished, you will be able to edit the campaign name and dates.
Delete - Will allow you to delete the campaign from your overview and the users training's
Publish - Where the campaign is not published, you will be able to set this or force publish the campaign (This will not work on Batch/Burst)
Complete - Will set this campaign to complete in the system
Delivery Report - Will state if the user received the email and when.
Results - will say which users clicked clicked link carried out training and completed training.
IP Results - Which IP's per users committed actions.
Browser Results - What Browser or OS the user may be using to access
Note: Because batch and burst mode campaigns have scheduled distribution times, you will not be able to manually publish such campaigns.