Phishing Security Tests

Set Up an Ongoing Phishing Test

Once you've trained your users with your first security awareness training campaign, we recommend that you set up an ongoing phishing campaign. Depending on how often you train your users, you can set the campaign to send a test weekly, bi-weekly, monthly, or quarterly.

As a best practice, we recommend phishing your users at least once per month. For high risk users, we recommend bi-weekly testing. Regular phishing tests will allow your users to practice the skills they’ve learned in their security awareness training.

To set up an ongoing phishing campaign, follow the steps below:

  1. Log in to your KnowBe4 account and navigate to the Phishing tab.
  2. Click the + Create Phishing Campaign button.
  3. On the New Phishing Campaign page, create your campaign using the recommended settings listed below:
    1. Send to: Click All Users if you would like to test all users. Or, if you only want to test specific users, click Specific Groups and select the groups you would like to test.
    2. Frequency: You can select Weekly, Bi-weekly, Monthly, or Quarterly, depending on how often you train your users.
    3. Sending Period: Select Send emails over and set a timeframe of at least three business days. Setting a time period of at least three business days will ensure that your users don’t receive the tests all at once and can’t warn other users about the test. Depending on the Frequency option you selected, we recommend sending emails over 1 week for bi-weekly campaigns and over 3 weeks for monthly campaigns.
    4. Track Activity: We recommend that you track activity for at least three days.
    5. Track Replies to Phishing Emails: You can select this check box if you would like to track your users' replies to phishing test emails. We recommend that you only select this check box for reply-to phishing campaigns. For more information about reply-to phishing, see our Reply-to Phishing article.
    6. Template Categories: From the first drop-down menu, select the template categories that you would like to test your users with. From the second drop-down menu, select Full Random. These settings will ensure that your users receive different phishing tests.
      Important:When you choose templates from the first drop-down menu, do not select Security Hints and Tips or Scam of the Week categories. These templates are newsletters and do not include simulated phishing tests. Additionally, do not include any templates in languages that are not applicable to your users. For information about hiding templates, see our How Do I Hide Templates or Categories I Don’t Want to Use? article.
    7. Difficulty Rating: By default, this setting is set to All Ratings. If you would like to set a difficulty rating for the tests that will be sent to your users, you can select any of the options from the drop-down menu.
    8. Phish Link Domain: By default, this setting is set to Random Domain. We recommend that you do not change this setting.
    9. Landing Page: You can select a specific landing page that you’d like to use for all the phishing tests in this campaign, or you can leave this setting set to Default Landing Pages. For more information about our available landing pages, see our What Landing Page Should I Choose? article or our Landing Page Category Glossary.
    10. Add Clickers: You have the option to add users who fail the phishing test to a selected group. You can then add this group of users to a remedial training campaign at a later date. For more information about remedial training, see our Using Groups for Remedial Training article.
    11. Send an email report to account admins after each phishing test: Select this check box if you would like account admins to receive an email when each phishing test is complete.
  4. Once you are satisfied with your settings, click Create Campaign.

Can't find what you're looking for?

Contact Support