Setting up a Recurring Phishing Test
We recommend that after you train your users with your first security awareness training campaign, you begin an ongoing phishing campaign. Depending on your security awareness program, this recurring phishing test may be set to weekly, bi-weekly or monthly.
As a best practice, we recommend phishing your users at least bi-weekly. Why? Regular phishing tests will allow your employees to practice the skills they’ve learned in security awareness training.
The recommended settings are shown below and will help you maximize the variety of phishing emails utilized and also spread the emails out over time. Through this fully random method, employees will not be able to warn each other about the phishing test taking place.
Set up your ongoing phishing campaign with the below settings:
- Frequency: Weekly, Bi-weekly, or Monthly, depending on your security awareness program.
- Sending: Send emails over at least three business days.
- This way, users will not receive the emails all at once, and cannot warn each other about a phishing test taking place.
- Track Activity: Track phishing test failures for at least three days.
- Track Replies: You can turn this setting on if you wish to track user replies to phishing test emails.
- For more information on reply-to phishing, see our Reply-To Product Manual.
- Categories: Choose multiple template categories, and choose "Full Random" from template drop-down to choose a random template for each user.
- Exclude non-applicable languages, Security Hints and Tips, and Scam of the Week categories.
- Difficulty Rating: Optional
- If you'd like, here you can choose to limit the difficulty of the templates you've selected to specific star ratings, from one to five.
- Phish Link Domain: Leave as random.
- Landing Page: Optional
- Choose a particular landing page you'd like to use for all phishing templates, or leave as default.
- For more information about landing page selection, see: What Landing Page Should I Choose?
- Add Clickers: Here you can select your Clickers group.
- Each time someone fails your phishing test, they will be added to the selected group. You can use this group for Remedial Training in the future if you'd like.
- Check "Send an email report to account admins..." if you'd like to be notified when the phishing test is completed.