Phishing is a type of online fraud to trick people into providing sensitive information, such as usernames, passwords, and credit card details. The perpetrator pretends to be a trustworthy individual or entity.
You may want to run a phishing campaign to observe areas where training is needed and to get an understanding of the level of cyber security awareness among customers. Using a template, you can create a simulated phishing email that is sent to some or all of your customers at selected times. You can then create a training campaign to help increase your customers' cybersecurity awareness. When you create reports, you can see the effectiveness of your campaigns.
To create a new phishing campaign, go to Phishing Campaigns > Create New Campaign and follow these steps:
The first step in creating a phishing campaign is to select the template for the email that will be sent to users during the phishing campaign.
-
On the Template Selection page, select Filter Templates to help you find the email you want to use in the phishing campaign.
-
Using the options that are displayed, you can filter the templates as follows:
-
Choose Template Filters: Select the checkbox(es) to display templates based on their type, such as Home and Personal; Business; C-Suite; Attachments.
Note
C-Suite refers to executive titles in an organization, where C stands for "Chief", such as Chief Executive Officer or Chief Financial Officer. C-Suite is available once C-Suite information has been populated.
Choose Category Filters: Email templates can be displayed according to their categories, such as Banking, Shopping, and so on.
Choose Complexity Filters: You can display templates based on how complex you want them to be: Low, Medium, High.
Choose Creator Filters: You can choose from templates that are pre-populated or ones you have created.
-
Select OK to filter the results. If you want to clear the results on the Template Selection page, select Reset Filter.
-
For further help in locating a template, you can use both the sort and search functionality.
Click the up/down
arrows in the column titles to sort the contents in ascending or descending order.Enter a word in the Search field to filter results with that word.
Select the checkbox beside the template you want to use and then select Next Section to enter campaign details.
The second step in creating a phishing campaign is to enter the campaign details.
If you want to include an attachment in your email, select Use Attachment, and then click the download icon in the Attachment name field to attach it.
In the Attachment type field, select HTML, Word or Excel to identify the file type.
Select the phishing form you want the user to see in the Phishing Form field.
-
The Trigger field displays a range of actions that a user could take on a phishing form. Based on the option you select, the user receives a warning message after performing that action, as described below:
None: If you want to track a user's actions without sending them a warning message, select this option.
Enters Field: User clicks in either the User Name or Password field in the phishing form, which triggers the warning message.
Types in Field: Select this option if you want the user to get a warning message when they attempt to enter information in any of the phishing form fields.
Posts Form: User completes form and attempts to submit it, triggering the warning message.
Select Preview to see the content of the phishing email.
In the User Feedback Message field, you can select the message that you want the user to see when they click on an embedded phishing email link or open a phishing attachment. Click Preview to display the message.
Enter a Campaign Name to identify the campaign.
Enter a Campaign Description that provides details to help you recall when and why you created the campaign.
-
To add Training recipients, click Select. In the window that opens, you can select the customers you created in Create New Customer. If you have created Customer Groups, you can also select those.
If you have a large number of recipients, you can use both the sort and search functionality:
-
Click the up/down
arrows in the column titles to sort the contents in ascending or descending order.Enter a word in the Search field to filter results with that word.
-
Select Next Section to schedule the campaign.
The third step in creating a phishing campaign is to schedule the campaign.
In the Publish Start field, select the date and time you want the phishing campaign to start.
Similarly, select the Completion date field to select the date and time you want the phishing campaign to end. This date must be a minimum of 30 days from your Publish start date.
Select Next Section to modify the template.
The fourth step in creating a phishing campaign, which is optional, is to modify the email template you want to use. Your email template contains default values pertaining to the sender and subject. You can customize these values by following the steps below.
Select the Email field to edit the name of the email sender, such as info or admin.
In the @ field, you can change the domain of the email sender, for example, e-messages.com or e-owa.com. If you want more spoofing domains, please contact Support to have them added.
In the Name field, you can edit the sender's name as you want it to appear in the recipients' email inbox.
If you want to edit the subject, you can do this in the Subject field.
Select Next Section to finish creating the phishing campaign.
This is the final step in creating your phishing campaign. Review the summary of your campaign and when you are satisfied that the information is correct, select Create Campaign.
If you notice an error, you can go back to the previous steps and make changes. The Confirmation page will automatically update.