PhishFlip

PhishFlip is a PhishER feature that allows your organization to reuse user-reported emails in phishing campaigns in your KMSAT console. PhishFlip will remove all of the malicious elements from the reported emails so that they are safe to send to your users.

In order to use the PhishFlip feature, you must have PhishRIP enabled on your PhishER platform. To learn how to enable PhishRIP, please visit our PhishER Settings article. To learn about PhishRIP Queries and how to find Similar Messages with PhishRIP, please visit our PhishRIP article.

Jump to:
Creating KMSAT Templates from PhishER
Creating Automatic PhishFlip Campaigns
Creating Phishing Campaigns with PhishFlip Templates
Reports

Creating KMSAT Templates from PhishER

Phishflip will automatically create a KMSAT phishing template once a PhishFlip is initiated or when you select the Create KMSAT Template option in the PhishER platform.

There are three ways to create KMSAT templates: Run Drop-down Menu, Message Details, and Actions. Click on the drop-down to view the steps for each method.

Any messages that have been successfully PhishFlipped will appear in your PhishFlip template category under your My Templates section in your KMSAT console.

Method 1: Run Drop-down Menu

Navigate to PhishER > Inbox.
Click the checkbox to the left of the message you want to select. The Run drop down menu will display in the top-left.
Click on the Run drop-down menu.
Click on the Create KMSAT Template option. This will create and add the new defanged templates to the PhishFlip category under the My Templates category.

Using this option, you can create a PhishFlip campaign inside of the KMSAT console to include all of your users or specific users and any of your new PhishFlip templates.

Method 2: Message Details

Navigate to PhishER > Inbox.
Click on a message. This will open the Message Details screen.
Located to the right of the Message Details is the Actions and Discussion sidebar.
Click on the Run drop-down menu.
Click on the Create KMSAT Template option. This will create and add the new defanged templates to the PhishFlip category under the My Templates category.

Using this option, you can create a PhishFlip campaign inside of the KMSAT console to include all of your users or specific users and any of your new PhishFlip templates.

Method 3: Actions

Navigate to PhishER > Actions.
Name and add a description for the action. We recommend assigning a meaningful name and description to your action.
In the Find Similar Messages section, select the Create a KMSAT Phishing Template option.
(optional) Select the Automatically PhishFlip all found messages option if you would like to PhishFlip all messages triggered by this action. This option becomes available if the Automatically quarantine all found messages is selected.

Creating Automatic PhishFlip Campaigns

You can create automatic PhishFlip campaigns of specific user-reported emails from the PhishER platform. This can be accomplished from the Actions section and from the PhishRIP Queries section of the platform.

The automatic campaigns created from this process will be for the users who received the non-simulated version of the email. This will include any message that is found during the PhishRIP query and is generated from the automated action.

Method 1: Actions

Navigate to PhishER > Actions.
Name and add a description for the action. We recommend assigning a meaningful name and description to your action.
In the Find Similar Messages section, select the Automatically PhishFlip all found messages option if you would like to PhishFlip all messages triggered by this action. This option becomes available if the Automatically quarantine all found messages is selected.

You can use this option to automatically create a campaign and send the new defanged email to all the users where the message is found.

Method 2: PhishRIP Queries

Navigate to PhishER > PhishRIP.
Click on the desired PhishRIP Query ID. This will open the PhishRIP Messages screen.
Mark the checkbox next to the message to see the Run drop-down menu.
Click on the Run drop-down menu.
Click on the PhishFlip option. This will create the phishing template of that email and automatically begin a phishing campaign.

You can find the new phishing campaign from the PhishFlip Campaign screen in your KMSAT console.

Creating Phishing Campaigns with PhishFlip Templates

To create a phishing campaign using your PhishFlip templates, go to the Phishing tab of your KMSAT console. Then, click the +Create Phishing Campaign button in the upper right corner to open the campaign creation screen.

Detailed below are the various options that are available on the Create Campaign page. The fields Campaign Name, Send to, and Template Categories are required, but we encourage you to customize your campaign settings as much as you like. Once you are happy with the campaign settings, click Create Campaign at the bottom of the page.

Click on one of the headers below for more information on a specific option.

1. Campaign Name

Name your campaign something descriptive, such as "Monthly IT Test" or "Holiday-Themed Campaign". This name will help you to identify the campaign in other areas of the console.
This name can also help you keep track of the purpose or scope of the campaign when displayed in other areas of the console.

2. Send to

Select the users who should receive a phishing security test from this campaign. You can choose between All Users or Specific Groups.
If you choose Specific Groups, you must also select one or more user groups from the drop-down menu.

3. Frequency

Select how often phishing security tests should be sent for this campaign.
If you select One-time, this campaign will send only one phishing security test for each user and the campaign will not reoccur.

4. Start Time

Set the time that this campaign should start. This is especially helpful if you want to create a campaign in advance.

By default, phishing campaigns will use the time zone that is set in your Account Settings. If you would like the campaign to follow a different time zone, you can select the desired time zone from the drop-down menu.

5. Sending Period

Select when the phishing security tests will be sent, once the campaign starts. You can choose to send all of the emails at once or send the emails over a period of time.

Send all emails when the campaign starts
Selecting this option will send phishing tests to all of the selected users when the campaign starts. Delivery takes about one second per email. This means users will not receive emails at the exact same time but they will receive them within a similar time period.
Send emails over...
Selecting this option will send phishing tests to the users at random, during the time period selected. You can enter a digit between 1 and 6 and choose from business days, weeks, or months.

6. Define Business Days and Hours

If you choose to send emails over a specified time period, the campaign will use the business hours that are set in your Account Settings by default. If you would like the campaign to follow different business hours, you can select the days and hours in this section.
Business days and hours will be respected no matter what sending duration you choose. This means, if you set your campaign to send emails for a month, emails will only be sent on the business days within that month and during your defined business hours.

7. Track Activity

Select the length of time that phishing test failures will be tracked, after the last email has been sent. You can enter a digit between 1 and 6 and choose from business days, weeks, or months.

8. Track Replies to Phishing Emails

Enable this setting to track when your users reply to a simulated phishing email. Once this setting is selected, more options will display. In this section, you can set a custom reply-to domain, choose to record replies to phishing tests, and choose to record out of office replies. For more information on setting up a reply-to phishing campaign, see our Reply-To Phishing article.

9. Template Categories and Template Selection

In this section, you can select which simulated phishing emails you would like to send to your users in this campaign. From the first drop-down menu, select one or more categories to use. Then, the templates from the selected categories will populate in the second drop-down menu.

Using the second drop-down menu, we recommend choosing one of our Automated Template Selections: AIDA Selected, Full Random, or Random. For more information, see our Automated Template Selection article.

Alternatively, you can select a single template to send to all users enrolled in the campaign each time the campaign runs. Preview the selected email by clicking the Preview link to the right of the drop-down menu.

If you select a specific template, you can preview the email by clicking the Preview link to the right of the drop-down menu.

Note: We recommend selecting your PhishFlip templates or template category when customizing this section.

To hide specific templates or template categories, see our article titled How Do I Hide Templates or Categories I Don't Want to Use?.

To restrict templates that include attachments, see the Phishing section of our Account Settings article.

10. Send Localized Emails

Selecting this option will send localized versions of the selected templates, if available in a user's phishing language. For more information, see the Localized Phishing Campaign section of our Localization Guide.

11. Difficulty Rating

You can use this drop-down menu to filter email templates by difficulty rating. For more information on difficulty ratings, see this article.

12. Phish Link Domain

The Phish Link Domain is the URL that displays when a user hovers their mouse over the simulated phishing link within a test email. This option is set to random by default, but you can select a specific domain to use from this drop-down list. Each domain is owned by KnowBe4 and is used only for phishing security tests.
For information on available domains or how to hide a domain from use, see our Phishing Domain Management article.

13. Landing Page

The Landing Page is the page that opens when a user clicks on a simulated phishing link. If the selected template has a corresponding landing page, the template-specific landing page will be used. If the selected template does not have a corresponding landing page, then the default landing page set in your Account Settings will be used.
If you'd like to use a different landing page, you can select one from this drop-down menu. The selected landing page will be used for each test in this phishing campaign, regardless of the template.

For more information about landing pages, see this article.

14. Add Clickers To

You can use this option to automatically add users who fail a phishing test from this campaign to a specific user group. To learn how to use this option for remedial training, see this article.

Note:

Any change to this field after the campaign has been created will apply to the next phishing test that runs. Users who failed a phishing test prior to this change will not be retroactively added to the selected group.

15. Send an email report to account admins after each phishing test

Enable this option to automatically send a report to all account admins each time a phishing test from this campaign is completed. This report includes metrics such as phish-prone percentage, number of attachments opened, and more.

16. Hide from reports

Enable this option to hide the phishing campaign from user profiles and phishing reports. Hidden campaigns will not impact risk scores or Phish-prone Percentages.
We recommend using this option when running a test campaign for whitelisting or other phishing functionality tests.

You can view the status of your PhishFlip campaigns from the Campaigns tab under the Phishing section of your console.

Clicking on an individual campaign title will take you to the campaign overview screen for that specific campaign, where you can monitor that campaign and obtain reports.

Campaign Monitoring screen

Reports

You view the results of your PhishFlip campaign from the Reports tab under the Phishing section of your console.

Using the drop-downs you can specify a specific date range for the report or limit the report to one or more phishing campaigns. You can also choose one or more groups from the Include Campaigns Sent To drop-down, to limit the report to only the phishing campaigns sent to the selected group(s). You can also choose whether to include, exclude, or only show PhishFlip Campaigns from the Include PhishFlip Campaigns drop-down.

Phishing Reports Console

Comparison reports can be run by choosing either Failures or Reported from the Compare drop-down menu and then choosing what metric you want to compare the report by, such as user group, location, manager, etc. For example, you could compare failures by location to see which branches of your organization are the most phish-prone.
NOTE: A Compare selection is required before the Group Comparisons By box appears. In order to compare metrics such as location, manager, etc., you must have that data imported into your user details. User information can be added with a CSV import or by using our Active Directory Integration feature.

You can also run a comparison report for failures by email template, in order to see which types of phishing emails your users are most prone to clicking.
In contrast, you could run a comparison report for reported by email template, in order to see which emails your users are identifying and reporting as phishing emails.
NOTE: You must be using the Phish Alert add-in to be able to see any reported data.

Underneath the pie graph, you can click on any metric in the graph key to remove it from the graph view (as shown below).

Creating a Comparison Report

Depending on the report metrics selected, a bar graph or pie chart will display. The report details will populate in a datasheet below the graphic. You can add or remove the columns you'd like displayed in the datasheet by selecting the gear icon drop-down button and selecting/deselecting the desired attributes, as shown below.