SafeTitan provides two types of phishing campaign strategies.
Simple phishing campaigns
Simple or "Ad-Hoc" phishing campaigns can be used for penetration testing or staff evaluation and baselining.
An Ad-Hoc campaign is a simple mock phishing campaign delivered for the purposes of identifying and evaluating high-risk users (susceptible to a malicious phishing attack)
Phishing campaigns with reactive training
Phishing campaigns with reactive training provide the ability to identify and evaluate high-risk users and automatically enroll these users in phishing awareness training.
We recommend that administrators begin by creating and testing a simple (Ad-Hoc) phishing campaign.
We also recommend that your first simple phishing campaign should be sent to you only.
This will test email delivery success and allows you to become familiar with your portal.
To create a simple phishing campaign please complete the following steps.
Step 1: How to create a phishing campaign
To begin, select the "Phishing Manager" main menu item followed by the "Phishing Campaigns" sub-menu item.
- Phishing Campaigns
- C-Suite Settings
- Phishing E-mail Templates
- User Feedback Messages
You are now in the phishing campaigns list.
Note: On a new portal, this list will be empty
- Select "Create a new Campaign" to start the phishing campaign wizard.
- After reading some basic information on phishing, select the "Next" button to proceed or "Cancel" to exit the wizard.
- Now you will be able to select the send mode and templates.
- Send Mode
- Normal: One phishing template sent to all recipients simultaneously at publication time.
- Batch: One phishing template sent to all recipients at different times over a selected time period beginning at publication time. Recipients will receive their email at different times thus reducing a "tip off" effect.
- Burst: Up to phishing templates sent to all recipients at different times over a selected time period beginning at publication time. Recipients will receive different templates at different times further reducing a "tip off" effect.
- Email Template
- Template Type - You can chose between Home and Personal, Business, attachments and C-Suite will be available once C-Suite information has been populated, see the below note.
- Category - You chose the specific template information e.g. Account Issues, Medical, Social Media, or Tax.
- Complexity - With this you can decide how complex(Real) the template will appear.
- Creator - Here you choose our pre-populated lure or ones you have created.
- Send Mode
Note: A fourth Template Type also exists C-Suite. This is made available once you configure your C-Suite information Here.
This information includes Chief Executive Officer and Chief Financial Officer names for usage in CEO mock phishing campaigns.
Step 2: How to configure a phishing campaign Details
You can now configure your first phishing campaign in the phishing campaign details form. The following configurable items exist.
1. Use Attachment.
By turning on this feature you will be adding an attachment to the email. with this turned on you can then set the following.
- Attachment name - Name of the attachment
- Attachment type - appear as a word, Excel or html
2. User Feedback Message.
SafeTitan provides the facility to create customized user feedback messages. These messages are presented to the recipient upon clicking on an embedded phishing email link or opening a phishing attachment.
When using your portal for the first time a SafeTitan default user feedback message is available. You can preview the user feedback message by selecting the preview button to the right of the "User feedback message" option.
3. Phishing Form
This will be the web page the user is direct to after carrying out the 'Trigger'
- Trigger - Will be the minute they do the action show the user the field
3. Campaign name:
The campaign name is needed to identify and refer to the campaign in future. This is an editable field that contains a default name consisting of the template name + date/time stamp.
4. Campaign description:
This is an editable field that contains the name of the email template by default.
5. Targeted groups
Here you can add the groups or departments you wish to receive the phishing email.
Remember: At startup, you are the only user on your portal and you are a member of the "Default Department"
For your first campaign simply select the "Default Department" unless you have created a new department and moved your username into that department.
If you have other users in your department it is recommended that you test your first campaign on yourself and maybe a colleague so be aware of the department or group you select here.
See managing users and groups for more information.
Step 3: How to schedule a phishing campaign
When scheduling a Normal campaign you will be asked to populate a Publish Start and Completion date, if you are creating a Batch or Burst mode, you will have the addition of a End date.
- Publish start: This will be the date and time your campaign starts publishing(Emails sending) and must be set to a minimum of 1 hour from your current time.
- Publish End: This is only used for Batch and Burst modes where it will set the time where deliver of the emails will stop, so will space the emails out within this time to the number of users you have targeted. This date and time must be set to a minimum for 1 hour from your start date and time
- Completion date: This is the date of which the campaign will be marked as completed in your system. This date must be a minimum of 30 days from your Publish start date.
Step 4: How to configure phishing campaign options.
This is used to select the email content language.
2. Override users default locale
When setting up a new user, they are given a default language. This option allows you override each users locale and force the email to contain the language selected in option 1 (Locale) above.
3. Create reactive training.
Select this only if you wish to prepare a reactive training campaign. Reactive campaigns auto enroll users in training based on phishing email activity. (e.g. Opening email, clicking on link, opening an attachment etc.)
For your first campaign, we recommend that you stick to a simple campaign.
4. Is Test Campaign
This will allow you to configure the campaign as a test so that the results are not recorded and company statistics are accurate to mock phishing attempts.
Step 5: Phishing campaign sender and subject details. (Template Modifications)
The sender and subject information contain default values pertaining to the subject matter of the selected phishing email template.
You may customize these values using the following options in the email template modifications form:
1. Email from:
Edits the name of the email sender. (e.g. info, admin, Jim etc)
Change the domain of the email sender. (e.g. e-messages.com, e-owa.com etc)
Note: to add more domains to this list, submit a support request to the SafeTitan support desk.
2. Custom subject:
Customize the email subject
3. Custom from name
Customize the sender name appearing in the recipients' email inbox.
Step 6: How to Configure Reactive Training
Here you will be able to decide the training you want to send out if configuring a reactive training.
- Name: This will be the name shown in your training campaign overview screen.
- Training: You will be able to populate the category, and decide the type of training to send (e.g. Videos, Policies, etc)
- Criteria: Here you will be able to specify what action conducted on the mock phish you want to sign up to training by turning on one or multiple triggers.
Step 7: Configuring reactive training options
- Use Instant Training: set to No as default - By turning this on, you only want the user to see the training on their portal if the carried out the actions listed under Criteria in step 6.
- Generate Certificate: set to No as default - By turning this on the individual will be sent a certificate after course completion.
- Send Assignment Email: Yes as Default - This will trigger an email to the user that they have been registered in training.
- Assignment Template - Will be the template sent to notify of the assigned training.
- Send Completion Email: Yes as Default - Will send the user an email to notify them of course completion
- Completion Template - Will be the template the user receives for course completion.
- Training Reminders: Can be configured by clicking 'Configure Reminders' You can set Reminders for specific dates or a set number of days before the training completion, you have the correct selection added click 'Add Reminder'
Step 8: How to submit a phishing campaign
On the Campaign Summary screen select the "Submit" button to proceed or "Cancel" to exit the wizard.
On the next screen select the "Close Wizard" button to exit the wizard.
Step 9: How to view a phishing campaign
You are now back in the phishing campaigns listing table where you will now see your first "Unpublished" phishing campaign.
Using the drop-down actions menu to the right of the unpublished status you will find the following options.
Selecting this option you will be able to see and overview of the campaign
- Campaign Information - Summary of all selected in the wizard such as Template, Send Mode, Target users , etc.
- Campaign Delivery Report - Will state if the user received the email and when.
- Campaign Bounce Report - Will state which of the users did not receive the emails.
- Campaign Results - will say which users clicked clicked link carried out training and completed training.
- IP Results - Which IP's per users committed actions.
- Browser Results - What Browser or OS the user may be using to access
- Result Analysis - Delivery Success and Times.
To the right of the view button, you will have drop with quick actions.
Edit - If the campaign is unpublished, you will be able to edit the campaign name and dates.
Delete - Will allow you to delete the campaign from your overview and the users training's
Publish - Where the campaign is not published, you will be able to set this or force publish the campaign (This will not work on Batch/Burst)
Complete - Will set this campaign to complete in the system
Archive - Will stop this from appearing to users.
Clone - Will create a and ask for you specify the name and targets.
Step 10: How to View the Reactive Training Results
- Navigate to your Training Manager
- From the sub Menu select Training Campaigns
- Click the drop down arrow on the training campaign
- Select Results
Note: Because batch and burst mode campaigns have scheduled distribution times, you will not be able to manually publish such campaigns.
It is more effective to run standard mode phishing templates when running early tests.