Menu

Creating and Managing Phishing Campaigns

Avatar
Katie Brennan
Updated
Follow

How to Use Phishing Campaigns

Routine phishing security tests are important to your organization’s cybersecurity as they help you determine which of your users are vulnerable to real attacks and reinforce your user's security awareness training. Phishing campaigns are used to customize and manage the phishing security tests you send. When you create a phishing campaign, you can choose who to send the tests to, which templates should be used, how often this test should occur, and customize the campaign in other ways.

Use the links below to learn how to create and manage phishing campaigns. You can also watch the phishing-related videos on our Tutorial Videos page, to learn about the various functions of KnowBe4's Phishing area.

Jump to:
Create a Phishing Campaign
Types of Phishing Tests

Managing Phishing Campaigns

 

Create a Phishing Campaign

Note

Make sure you import your users into the console before creating a phishing campaign. Click here to learn about importing users.

To create a phishing campaign, go to the Phishing tab of your Knowbe4 console. Then, click the +Create Phishing Campaign button in the upper right-hand corner to open the campaign creation screen.

Detailed below are the various options that are available on the Create Campaign page. The fields Campaign Name, Send to, and Template Categories are required, but we encourage you to customize your campaign settings as much as you like. Once you are happy with the campaign settings, click Create Campaign at the bottom of the page.

Click on one of the headers below for more information on a specific option. 

1. Campaign Name
Name your campaign something descriptive, such as "Monthly IT Test" or "Holiday-Themed Campaign". This name will help you to identify the campaign in other areas of the console.
This name can also help you keep track of the purpose or scope of the campaign when displayed in other areas of the console.
2. Send to
Select the users who should receive a phishing security test from this campaign. You can choose between All Users or Specific Groups.
If you choose Specific Groups, you must also select one or more user groups from the drop-down menu. 
3. Frequency
Select how often phishing security tests should be sent for this campaign.
If you select One-time, this campaign will send only one phishing security test for each user and the campaign will not reoccur.
4. Start Time

Set the time that this campaign should start. This is especially helpful if you want to create a campaign in advance. 

By default, phishing campaigns will use the time zone that is set in your Account Settings. If you would like the campaign to follow a different time zone, you can select the desired time zone from the drop-down menu.

5. Sending Period
Select when the phishing security tests will be sent, once the campaign starts. You can choose to send all of the emails at once or send the emails over a period of time.
  • Send all emails when the campaign starts
    Selecting this option will send phishing tests to all of the selected users when the campaign starts. Delivery takes about one second per email. This means users will not receive emails at the exact same time but they will receive them within a similar time period. 
  • Send emails over...
    Selecting this option will send phishing tests to the users at random, during the time period selected. You can enter a digit between 1 and 6 and choose from business days, weeks, or months.
6. Define Business Days and Hours
If you choose to send emails over a specified time period, the campaign will use the business hours that are set in your Account Settings by default. If you would like the campaign to follow different business hours, you can select the days and hours in this section.
Business days and hours will be respected no matter what sending duration you choose. This means, if you set your campaign to send emails for a month, emails will only be sent on the business days within that month and during your defined business hours.
7. Track Activity
Select the length of time that phishing test failures will be tracked, after the last email has been sent. You can enter a digit between 1 and 6 and choose from business days, weeks, or months.
8. Track Replies to Phishing Emails
Enable this setting to track when your users reply to a simulated phishing email. Once this setting is selected, more options will display. In this section, you can set a custom reply-to domain, choose to record replies to phishing tests, and choose to record out of office replies. For more information on setting up a reply-to phishing campaign, see our Reply-To Phishing article. 
9. Template Categories, Selection, and Randomization
In this section, you can select which emails you would like sent to your users for this campaign. From the first drop-down menu, select one or more categories that you would like to use. Once a category is selected, you'll see the templates from the selected categories populate in the second drop-down menu. From the second drop-down menu, you can select a specific template to send to your users or choose one of our randomization options listed below.
  • Full Random (Random email to each user)
    This option will automatically choose different templates for each user, from the selected categories. Users enrolled in this campaign will receive a variety of different emails.
    • This option is a great way to prevent users from telling each other about the incoming phishing test. For an even more effective test, we recommend sending the emails over a period of time.
  • Random (Same random email to all users)
    This option will automatically choose one template from the selected categories. All users enrolled in this campaign will receive the same email. To avoid repetition in recurring campaigns, this feature remembers the last five emails sent and selects a different template for subsequent tests.
    • To help prevent users from telling each other about this phishing test, we recommend sending all emails when the campaign starts.

If you select a specific template, you can preview the email by clicking the Preview link to the right of the drop-down menu.

Note:

We also offer settings to help you customize which templates are available for phishing campaigns. 
To restrict templates that include attachments, see the Phishing section of our Account Settings article. To hide specific templates or template categories, see this article.

10. Send Localized Emails
Selecting this option will send localized versions of the selected templates, if available in a user's phishing language. For more information, see the Localized Phishing Campaign section of our Localization Guide.
11. Difficulty Rating
You can use this drop-down menu to filter email templates by difficulty rating. For more information on difficulty ratings, see this article.
12. Phish Link Domain 
The Phish Link Domain is the URL that displays when a user hovers their mouse over the simulated phishing link within a test email. This option is set to random by default, but you can select a specific domain to use from this drop-down list. Each domain is owned by KnowBe4 and is used only for phishing security tests. 
For information on available domains or how to hide a domain from use, see our Phishing Domain Management article. 
13. Landing Page
The Landing Page is the page that opens when a user clicks on a simulated phishing link. If the selected template has a corresponding landing page, the template-specific landing page will be used. If the selected template does not have a corresponding landing page, then the default landing page set in your Account Settings will be used. 
If you'd like to use a different landing page, you can select one from this drop-down menu. The selected landing page will be used for each test in this phishing campaign, regardless of the template.
For more information about landing pages, see this article.
14. Add Clickers To
You can use this option to automatically add users who fail a phishing test from this campaign to a specific user group. To learn how to use this option for remedial training, see this article.

Note:

Any change to this field after the campaign has been created will apply to the next phishing test that runs. Users who failed a phishing test prior to this change will not be retroactively added to the selected group.

15. Send an email report to account admins after each phishing test
Enable this option to automatically send a report to all account admins each time a phishing test from this campaign is completed. This report includes metrics such as phish-prone percentage, number of attachments opened, and more.
16. Hide from reports
Enable this option to hide the phishing campaign from user profiles and phishing reports. Hidden campaigns will not impact risk scores or Phish-prone Percentages.
We recommend using this option when running a test campaign for whitelisting or other phishing functionality tests. 

Back to top

 

Types of Phishing Tests

Phishing campaigns can be used to test your users on a variety of attack vectors. This section outlines different types of phishing tests you can send. You can use our built-in phishing templates, customize our templates, or create your own template from scratch. For more information on designing your own email templates or landing pages, see our Customizing Emails & Landing Pages article. 

Back to top

 

Phishing Link Tests

Many real-world phishing emails include a link that leads to a malicious website or file. A phishing link test simulates this kind of attack by sending an email that includes a misleading link. When a user clicks the simulated phishing link, they are directed to a safe and secure landing page. 

When a simulated phishing link is clicked, this action will be recorded in your KnowBe4 console as a failure. See our How are Clicks Tracked in Phishing Security Tests? article for more information.

Back to top

 

Attachment Tests

An attachment test is a simulated phishing email that includes an attachment and shows how your users handle potentially malicious files. When a user opens the attachment or enables macros for the file, the action will be recorded in your KnowBe4 console as a failure. Click here for more information about our available attachments and how they work. 

Since our built-in attachments are specially designed to work with the KnowBe4 console, these files cannot be modified and you cannot upload your own custom attachments. You can attach and rename our available attachments to any custom email template. Alternatively, you can use a system or community template that already includes an attachment—as indicated in the template name. 

To find templates that include attachments, follow the steps below:

  1. From your KnowBe4 console, go to the Phishing tab.
  2. Click the Email Templates subtab.
  3. Click System Templates or Community Templates
  4. In the search bar to the right, type “Attachment” and press Enter (Return on Mac).
  5. The search results will display the available templates that include attachments.

Back to top

 

Data Entry Tests

A data entry test is a simulated phishing test designed to trick users into entering sensitive information. The phishing test email includes a link that directs users to a landing page designed to look like a real data entry page, such as a Microsoft 365 login page.

When the included link is clicked, the action will be recorded in your KnowBe4 console as a failure. If a user enters any information on the landing page, this action will also be recorded as a failure. See our Working With Data Entry Landing Pages article for more information. 

Important

KnowBe4 will never save the information a user enters into a landing page. Only the action of entering and submitting text is recorded, not the text itself.

When editing or creating a data entry landing page, be sure to use the following field names to ensure no entered text is logged on our servers:
password, password_confirmation, old_password, credit_card, ssn, social_security_number, domain_name, uname, number, verification_value, brand.

Back to top

 

Spear Phishing Tests

Spear Phishing is a real-world tactic used by cybercriminals to deceive a targeted user or department by impersonating a trusted source to gather confidential information. You can simulate this strategy with a spear phishing test that uses a custom email template designed to simulate this type of attack.

For assistance creating a spear phishing test for your organization, reach out to your Customer Success Manager.

Back to top

 

Reply-to Test

A reply-to test is a simulated phishing test that prompts users to reply to a simulated phishing email. When creating a phishing campaign, you can enable the Track Replies to Phishing Emails option. This option will record when a user replies to a simulated phishing test and the action will appear as a failure in your KnowBe4 console. You can also choose to save the text and attachments included in a user's reply email. For more information, see our Reply-To Phishing article. 

Back to top

 

Managing Phishing Campaigns

To manage your phishing campaigns, go to the Phishing tab of your KnowBe4 console, then click the Campaigns subtab. 

  1. You can filter which campaigns you are viewing by clicking on Active, Inactive, Hidden, or All
  2. This table lists phishing campaigns by name. For each campaign, you can see which user groups are receiving tests, how many tests will be sent, the current phish-prone %, the date and time of the last test, the status of the campaign, and the duration.

  3. Click on the name of a campaign to view the individual campaign details. See our Monitoring and Reviewing Individual Phishing Campaigns article for more information. 

  4. Click on the drop-down arrow in the right-most column to view the available actions for a campaign. These actions include:
    • Edit: Click Edit to open the Edit Phishing Campaign screen, which is similar to the campaign creation screen. Edit options as needed and then click Update Campaign at the bottom of the page to save your changes. Options that are grayed out cannot be changed.
      • If you would like to change the frequency of a campaign from recurring to one-time, we recommend deactivating the campaign instead of editing it on this screen. 
    • Clone: Click Clone to create a copy of an existing campaign. The new campaign will have the same settings as the original, but with a new start time and the word "Clone" added to the campaign name.
    • Deactivate: Click Deactivate to stop a campaign from running or recurring. 
      • Once a campaign has been deactivated, you will see Reactivate as an option in the action drop-down menu. For best results, we recommend creating a new campaign rather than reactivating an old campaign. 
    • Hide From Reports: Click Hide From Reports to remove this phishing campaign from all reports, Phish-prone Percentages, and user timelines.
      • Once a campaign has been hidden, you will see Show in Reports as an option in the action drop-down menu. Click this option to include the phishing campaign data into your reports, Phish-prone Percentages, and user timelines.
    • Delete: Click Delete to permanently delete a phishing campaign and all associated data, including recipients, failures, reports, and more. This action is permanent and cannot be undone. 

Back to top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles