How to Use Phishing Campaigns
Routine phishing security tests are important to your organization’s cybersecurity as they help you determine which of your users are vulnerable to real attacks and reinforce your users' security awareness training. Phishing campaigns are used to customize and manage the phishing security tests you send. When you create a phishing campaign, you can choose who to send the tests to, which templates should be used, how often this test should occur, and customize the campaign in other ways.
Use the links below to learn how to create and manage phishing campaigns. You can also watch the phishing-related videos on our Tutorial Videos page to learn about the various functions of KnowBe4's Phishing area.
Create a Phishing Campaign
Note
Make sure you import your users into the console before creating a phishing campaign. Click here to learn about importing users.
To create a phishing campaign, go to the Phishing tab of your KnowBe4 console. Then, click the +Create Phishing Campaign button in the upper right-hand corner to open the campaign creation screen.
Detailed below are the various options that are available on the Create Campaign page. The fields Campaign Name, Send to, and Template Categories are required, but we encourage you to customize your campaign settings as much as you like. Once you are happy with the campaign settings, click Create Campaign at the bottom of the page.
This name can also help you keep track of the purpose or scope of the campaign when displayed in other areas of the console.
If you choose Specific Groups, you must also select one or more user groups from the drop-down menu.
If you select One-time, this campaign will send only one phishing security test for each user and the campaign will not reoccur.
Set the time that this campaign should start. This is especially helpful if you want to create a campaign in advance.
By default, phishing campaigns will use the time zone that is set in your Account Settings. If you would like the campaign to follow a different time zone, you can select the desired time zone from the drop-down menu.
- Send all emails when the campaign starts
Selecting this option will send phishing tests to all of the selected users when the campaign starts. Delivery takes about one second per email. This means users will not receive emails at the exact same time but they will receive them within a similar time period.
- Send emails over...
Selecting this option will send phishing tests to the users at random, during the time period selected. You can enter a digit between 1 and 6 and choose from business days, weeks, or months.
Business days and hours will be respected no matter what sending duration you choose. This means, if you set your campaign to send emails for a month, emails will only be sent on the business days within that month and during your defined business hours.
- Full Random (Random email to each user)
This option will automatically choose different templates for each user, from the selected categories. Users enrolled in this campaign will receive a variety of different emails.
  - This option is a great way to prevent users from telling each other about the incoming phishing test. For an even more effective test, we recommend sending the emails over a period of time.
- Random (Same random email to all users)
This option will automatically choose one template from the selected categories. All users enrolled in this campaign will receive the same email. To avoid repetition in recurring campaigns, this feature remembers the last five emails sent and selects a different template for subsequent tests.
  - To help prevent users from telling each other about this phishing test, we recommend sending all emails when the campaign starts.
If you select a specific template, you can preview the email by clicking the Preview link to the right of the drop-down menu.
Note:
We also offer settings to help you customize which templates are available for phishing campaigns.
To restrict templates that include attachments, see the Phishing section of our Account Settings article. To hide specific templates or template categories, see this article.
For information on available domains or how to hide a domain from use, see our Phishing Domain Management article.
If you'd like to use a different landing page, you can select one from this drop-down menu. The selected landing page will be used for each test in this phishing campaign, regardless of the template.
Note:
Any change to this field after the campaign has been created will apply to the next phishing test that runs. Users who failed a phishing test prior to this change will not be retroactively added to the selected group.
We recommend using this option when running a test campaign for whitelisting or other phishing functionality tests.
Types of Phishing Tests
Phishing campaigns can be used to test your users on a variety of attack vectors. This section outlines different types of phishing tests you can send. You can use our built-in phishing templates, customize our templates, or create your own template from scratch. For more information on designing your own email templates or landing pages, see our Customizing Emails & Landing Pages article.
Phishing Link Tests
Many real-world phishing emails include a link that leads to a malicious website or file. A phishing link test simulates this kind of attack by sending an email that includes a misleading link. When a user clicks the simulated phishing link, they are directed to a safe and secure landing page.
When a simulated phishing link is clicked, this action will be recorded in your KnowBe4 console as a failure. See our How are Clicks Tracked in Phishing Security Tests? article for more information.
Attachment Tests
An attachment test is a simulated phishing email that includes an attachment and shows how your users handle potentially malicious files. When a user opens the attachment or enables macros for the file, the action will be recorded in your KnowBe4 console as a failure. Click here for more information about our available attachments and how they work.
Since our built-in attachments are specially designed to work with the KnowBe4 console, these files cannot be modified and you cannot upload your own custom attachments. You can attach and rename our available attachments to any custom email template. Alternatively, you can use a system or community template that already includes an attachment—as indicated in the template name.
To find templates that include attachments, follow the steps below:
- From your KnowBe4 console, go to the Phishing tab.
- Click the Email Templates subtab.
- Click System Templates or Community Templates.
- In the search bar to the right, type “Attachment” and press Enter (Return on Mac).
- The search results will display the available templates that include attachments.
Data Entry Tests
A data entry test is a simulated phishing test designed to trick users into entering sensitive information. The phishing test email includes a link that directs users to a landing page designed to look like a real data entry page, such as a Microsoft 365 login page.
When the included link is clicked, the action will be recorded in your KnowBe4 console as a failure. If a user enters any information on the landing page, this action will also be recorded as a failure. See our Working With Data Entry Landing Pages article for more information.
Important
KnowBe4 will never save the information a user enters into a landing page. Only the action of entering and submitting text is recorded, not the text itself.
When editing or creating a data entry landing page, be sure to use the following field names to ensure no entered text is logged on our servers:
password, password_confirmation, old_password, credit_card, ssn, social_security_number, domain_name, uname, number, verification_value, brand.
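A lint check for custom data entry landing pages built from the field-name list above, as an added example (not KnowBe4 code): it reports named text controls whose `name` is not on that list. The sample page, the exact-match rule, and the skipped input types are assumptions of this example.

```python
from html.parser import HTMLParser

# Field names copied from the list above; matched exactly (assumption).
NON_LOGGED_FIELD_NAMES = {
    "password", "password_confirmation", "old_password", "credit_card",
    "ssn", "social_security_number", "domain_name", "uname", "number",
    "verification_value", "brand",
}
# Input types that carry no typed text (assumption of this example).
NON_TEXT_INPUT_TYPES = {"submit", "button", "reset", "image", "hidden"}

class FieldNameLinter(HTMLParser):
    """Collects named form controls whose name is not in the listed set."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, name)

    def handle_starttag(self, tag, attrs):
        if tag not in ("input", "textarea", "select"):
            return
        attr = dict(attrs)
        if tag == "input" and (attr.get("type") or "text").lower() in NON_TEXT_INPUT_TYPES:
            return
        name = attr.get("name")
        # Unnamed controls are not part of a standard form submission.
        if name and name not in NON_LOGGED_FIELD_NAMES:
            self.findings.append((self.getpos()[0], tag, name))

def lint_landing_page(html):
    """Return (line, tag, name) for each control to rename before use."""
    linter = FieldNameLinter()
    linter.feed(html)
    linter.close()
    return linter.findings

# Constructed sample landing page (not a KnowBe4 template).
SAMPLE_PAGE = """\
<form method="post">
  <input type="text" name="uname">
  <input type="email" name="email">
  <input type="password" name="password">
  <input type="text" name="Password2">
  <textarea name="security_answer"></textarea>
  <input type="hidden" name="campaign">
</form>
"""

if __name__ == "__main__":
    for line, tag, name in lint_landing_page(SAMPLE_PAGE):
        print(f"line {line}: <{tag} name={name!r}> is not on the field-name list")
```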
Spear Phishing Tests
Spear Phishing is a real-world tactic used by cybercriminals to deceive a targeted user or department by impersonating a trusted source to gather confidential information. You can simulate this strategy with a spear phishing test that uses a custom email template designed to simulate this type of attack.
For assistance creating a spear phishing test for your organization, reach out to your Customer Success Manager.
Reply-to Test
A reply-to test is a simulated phishing test that prompts users to reply to a simulated phishing email. When creating a phishing campaign, you can enable the Track Replies to Phishing Emails option. This option will record when a user replies to a simulated phishing test and the action will appear as a failure in your KnowBe4 console. You can also choose to save the text and attachments included in a user's reply email. For more information, see our Reply-To Phishing article.
Managing Phishing Campaigns
To manage your phishing campaigns, go to the Phishing tab of your KnowBe4 console, then click the Campaigns subtab.
- You can filter which campaigns you are viewing by clicking on Active, Inactive, Hidden, or All.
- This table lists phishing campaigns by name. For each campaign, you can see which user groups are receiving tests, how many tests will be sent, the current phish-prone %, the date and time of the last test, the status of the campaign, and the duration.
- Click on the name of a campaign to view the individual campaign details. See our Monitoring and Reviewing Individual Phishing Campaigns article for more information.
- Click on the drop-down arrow in the right-most column to view the available actions for a campaign. These actions include:
  - Edit: Click Edit to open the Edit Phishing Campaign screen, which is similar to the campaign creation screen. Edit options as needed and then click Update Campaign at the bottom of the page to save your changes. Options that are grayed out cannot be changed.
    - If you would like to change the frequency of a campaign from recurring to one-time, we recommend deactivating the campaign instead of editing it on this screen.
  - Clone: Click Clone to create a copy of an existing campaign. The new campaign will have the same settings as the original, but with a new start time and the word "Clone" added to the campaign name.
  - Deactivate: Click Deactivate to stop a campaign from running or recurring.
    - Once a campaign has been deactivated, you will see Reactivate as an option in the action drop-down menu. For best results, we recommend creating a new campaign rather than reactivating an old campaign.
  - Hide From Reports: Click Hide From Reports to remove this phishing campaign from all reports, Phish-prone Percentages, and user timelines.
    - Once a campaign has been hidden, you will see Show in Reports as an option in the action drop-down menu. Click this option to include the phishing campaign data in your reports, Phish-prone Percentages, and user timelines.
  - Delete: Click Delete to permanently delete a phishing campaign and all associated data, including recipients, failures, reports, and more. This action is permanent and cannot be undone.