PhishFlip
PhishFlip is a PhishER feature that allows your organization to reuse user-reported emails in phishing campaigns in your KMSAT console. PhishFlip will remove all of the malicious elements from the reported emails so that they are safe to send to your users. Any attachments will also be replaced with safe attachments that copy the name and file type from the original reported email.
In order to use the PhishFlip feature, you must have Full PhishRIP Security Role access enabled on your PhishER platform. To learn how to create and update Security Roles, please visit our PhishER Settings article.
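As an added illustration of the defanging described in the introduction (this is not KnowBe4's implementation and not part of the original article), the Python example below neutralizes a reported message: body links are pointed at a placeholder landing page, and each attachment is replaced with benign bytes that keep the original name and file type. The names `defang`, `sample_report`, `SAFE_URL` and `PLACEHOLDER` are hypothetical, and the sample message is constructed.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

SAFE_URL = "https://landing.example.invalid/training"  # assumed placeholder URL
PLACEHOLDER = b"Benign placeholder content."            # assumed safe payload
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def defang(raw: str) -> EmailMessage:
    """Parse a reported message and neutralize its links and attachments."""
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.is_attachment() or part.get_filename():
            # Keep only the original file name and MIME type; drop the bytes.
            part.set_content(PLACEHOLDER,
                             maintype=part.get_content_maintype(),
                             subtype=part.get_content_subtype(),
                             disposition="attachment",
                             filename=part.get_filename())
        elif part.get_content_maintype() == "text":
            # Point every link in the body at the placeholder landing page.
            body = URL_RE.sub(SAFE_URL, part.get_content())
            part.set_content(body, subtype=part.get_content_subtype())
    return msg


def sample_report() -> str:
    """Constructed sample of a user-reported message (not real data)."""
    m = EmailMessage()
    m["Subject"] = "Invoice overdue"
    m["From"] = "billing@sender.example"
    m["To"] = "user@corp.example"
    m.set_content('<a href="http://login.example.test/verify?id=1">Pay now</a>',
                  subtype="html")
    m.add_attachment(b"%PDF-1.4 constructed bytes", maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    return m.as_string()


if __name__ == "__main__":
    print(defang(sample_report()).as_string())
```

Headers such as Reply-To and inline parts without a file name are left untouched here; a complete sanitizer would need to cover those as well.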
Creating KMSAT Templates from PhishER
PhishFlip will automatically create a KMSAT phishing template once a PhishFlip is initiated or when you select the Create KMSAT Template option in the PhishER platform.
There are three ways to create KMSAT templates: Run Drop-down Menu, Message Details, and Actions. The steps for each method are listed below.
Any messages that have been successfully PhishFlipped will appear in your PhishFlip template category under your My Templates section in your KMSAT console.
Run Drop-down Menu:
1. Navigate to PhishER > Inbox.
2. Click the checkbox to the left of the message you want to select. The Run drop-down menu will display in the top-left.
3. Click on the Run drop-down menu.
4. Click on the Create KMSAT Template option. This will create and add the new defanged templates to the PhishFlip category under the My Templates category.
Using this option, you can create a PhishFlip campaign inside of the KMSAT console to include all of your users or specific users and any of your new PhishFlip templates.
You can follow the steps above to create KMSAT Templates from previously created PhishRIP Queries. Navigate to PhishRIP then click on the query you want to make templates from and follow steps 2 to 4 from above.
Message Details:
1. Navigate to PhishER > Inbox.
2. Click on a message. This will open the Message Details screen.
3. Located to the right of the Message Details is the Actions and Discussion sidebar.
4. Click on the Run drop-down menu.
5. Click on the Create KMSAT Template option. This will create and add the new defanged templates to the PhishFlip category under the My Templates category.
Using this option, you can create a PhishFlip campaign inside of the KMSAT console to include all of your users or specific users and any of your new PhishFlip templates.
You can also perform this action from the PhishRIP Message Details screen. Use the SourceID found on the PhishRIP Queries page to open the PhishRIP Message Details. Then use steps 2 to 4 from above to create a KMSAT phishing template.
Actions:
1. Navigate to PhishER > Actions.
2. Name and add a description for the action. We recommend assigning a meaningful name and description to your action.
3. In the Find Similar Messages section, select the Create a KMSAT Phishing Template option.
4. (optional) Select the Automatically PhishFlip all found messages option if you would like to PhishFlip all messages triggered by this action. This option becomes available if you have a Security Role with Full PhishRIP access.
Creating Automatic PhishFlip Campaigns
You can create automatic PhishFlip campaigns of specific user-reported emails from the PhishER platform. This can be accomplished from the Inbox, Actions, Message Details, PhishRIP Queries, and PhishRIP Message Details.
The Automatically PhishFlip all found messages option is an automated Action. The automatic campaigns created from this process will be for the users who received the non-simulated version of the email. This will include any message that is found during the PhishRIP query and is generated from the automated action.
Note:
All of the automatic phishing campaigns will use the default landing page that was set in your KMSAT Account Settings. To learn how to change your default landing page, see our How to Edit Your Account Settings article.
- Navigate to PhishER > Actions.
- Name and add a description for the action. We recommend assigning a meaningful name and description to your action.
- In the Find Similar Messages section, select the Automatically PhishFlip all found messages option if you would like to PhishFlip all messages triggered by this action.
If the Action is set to run automatically, the PhishFlip campaign will run once the Action is triggered. For more information on how to configure your Action to run automatically, please see our How Do I Create a Rule and Action in PhishER article.
- Navigate to PhishER > PhishRIP.
- Click on the desired PhishRIP Query ID. This will open the PhishRIP Messages screen.
- Mark the checkbox next to the message to see the Run drop-down menu.
- Click on the Run drop-down menu.
- Click on the PhishFlip option. This will move the email from the user's mailbox to the Quarantine folder, create a template in KMSAT, then start a PhishFlip campaign.
You can find the new phishing campaign using the PhishFlip filter on the Campaign screen in your KMSAT console.
Creating Phishing Campaigns with PhishFlip Templates
To create a phishing campaign using your PhishFlip templates, go to the Phishing tab of your KMSAT console and use your PhishFlip templates. For more information on how to create and manage your phishing campaigns, please see our Creating and Managing Phishing Campaigns article.
Reports
Using the Include PhishFlip Campaigns drop-down, you can include, exclude, or only show PhishFlip campaign data in your reports.
If you select the Include PhishFlip option, the report will include data from all of your phishing campaigns, including PhishFlip campaigns.
If you select the Exclude PhishFlip option, the report will include data from all phishing campaigns except for PhishFlip campaigns.
If you select the Only PhishFlip option, the report will include data from only PhishFlip campaigns, excluding all other phishing campaigns.
For more information on how to generate different types of reports using or excluding PhishFlip data, please see our Monitoring and Reviewing Overall Phishing Reports article.