How to Use Phishing Campaigns
Routine phishing security tests are important to your organization’s cybersecurity as they help you determine which of your users are vulnerable to real attacks and reinforce your user's security awareness training. Phishing campaigns are used to customize and manage the phishing security tests you send. When you create a phishing campaign, you can choose who to send the tests to, which templates should be used, how often this test should occur, and customize the campaign in other ways.
Use the links below to learn how to create and manage phishing campaigns. You can also watch the phishing-related videos on our Tutorial Videos page, to learn about the various functions of KnowBe4's Phishing area.
Jump to:
Create a Phishing Campaign
Types of Phishing Tests
Create a Phishing Campaign
Note
Make sure you import your users into the console before creating a phishing campaign. Click here to learn about importing users.
To create a phishing campaign, go to the Phishing tab of your Knowbe4 console. Then, click the +Create Phishing Campaign button in the upper right-hand corner to open the campaign creation screen.
Detailed below are the various options that are available on the Create Campaign page. The fields Campaign Name, Send to, and Template Categories are required, but we encourage you to customize your campaign settings as much as you like. Once you are happy with the campaign settings, click Create Campaign at the bottom of the page.
Click on one of the headers below for more information on a specific option.
This name can also help you keep track of the purpose or scope of the campaign when displayed in other areas of the console.
If you choose Specific Groups, you must also select one or more user groups from the drop-down menu.
If you select One-time, this campaign will send only one phishing security test for each user and the campaign will not reoccur.
Set the time that this campaign should start. This is especially helpful if you want to create a campaign in advance.
By default, phishing campaigns will use the time zone that is set in your Account Settings. If you would like the campaign to follow a different time zone, you can select the desired time zone from the drop-down menu.
- Send all emails when the campaign starts
Selecting this option will send phishing tests to all of the selected users when the campaign starts. Delivery takes about one second per email. This means users will not receive emails at the exact same time but they will receive them within a similar time period. - Send emails over...
Selecting this option will send phishing tests to the users at random, during the time period selected. You can enter a digit between 1 and 6 and choose from business days, weeks, or months.
For more information about sending and tracking periods, see our How to Monitor and Review Phishing Campaigns article.
Business days and hours will be respected no matter what sending duration you choose. This means, if you set your campaign to send emails for a month, emails will only be sent on the business days within that month and during your defined business hours.
Select how long you would like to track phishing test failures after the sending period ends. You can enter a number between one and six and choose from either days, weeks, or months. For more information about sending and tracking periods, see our How to Monitor and Review Phishing Campaigns article.
In this section, you can select which simulated phishing emails you would like to send to your users in this campaign. From the first drop-down menu, select one or more categories to use. Then, the templates from the selected categories will populate in the second drop-down menu.
Using the second drop-down menu, we recommend choosing one of our Automated Template Selections: AIDA Selected, Full Random, or Random. For more information, see our Automated Template Selection article.
Alternatively, you can select a single template to send to all users enrolled in the campaign each time the campaign runs. Preview the selected email by clicking the Preview link to the right of the drop-down menu.If you select a specific template, you can preview the email by clicking the Preview link to the right of the drop-down menu.
Tip: There are other settings in the KnowBe4 console to help you customize which templates are available for phishing campaigns.
To hide specific templates or template categories, see our article titled How Do I Hide Templates or Categories I Don't Want to Use?.
To restrict templates that include attachments, see the Phishing section of our Account Settings article.
For information on available domains or how to hide a domain from use, see our Phishing Domain Management article.
If you'd like to use a different landing page, you can select one from this drop-down menu. The selected landing page will be used for each test in this phishing campaign, regardless of the template.
Note:
Any change to this field after the campaign has been created will apply to the next phishing test that runs. Users who failed a phishing test prior to this change will not be retroactively added to the selected group.
We recommend using this option when running a test campaign for whitelisting or other phishing functionality tests.
Types of Phishing Tests
You can send a variety of phishing tests to your users to test them on different attack vectors. For more information about the types of phishing tests offered by KnowBe4, see our What Types of Simulated Phishing Tests Can I Send to My Users? article.
Managing Phishing Campaigns
To manage your phishing campaigns, go to the Phishing tab of your KnowBe4 console, then click the Campaigns subtab.
- You can filter which campaigns you are viewing by clicking Active, Inactive, Hidden, PhishFlip, or All.
- This table lists phishing campaigns by name. For each campaign, you can see which user groups are receiving tests, how many tests will be sent, the current phish-prone %, the date and time of the last test, the status of the campaign, and the duration.
-
Click the name of a campaign to view the individual campaign details. See our Monitoring and Reviewing Individual Phishing Campaigns article for more information.
- View the status of the phishing campaign. The campaign may be in the Created, Pending, Active, or Closed status. For more information about the phishing campaign statuses, see the list below:
- Created: Unless the phishing campaign has a One-time frequency, the Created status indicates that the PSTs in the campaign are not being scheduled yet. For One-time phishing campaigns, the Created status indicates that the PST has been scheduled, but the campaign has not started yet.
- Pending: The PSTs in the campaign are being scheduled.
- Active: The PSTs in the campaign have been scheduled, and the campaign is ongoing.
- Closed: The campaign is inactive. If the campaign is in the Active tab and has the Closed status, the campaign is temporarily inactive until the next PST begins. If the campaign is in the Inactive tab and has a Closed status, either the campaign had a One-time frequency and ended, or the campaign was manually deactivated by an admin.
-
View the duration of your campaign. This column will show one of two options: Sending or Tracking
- Sending: When this column shows the Sending text, your campaign is sending out phishing campaign emails.
- Tracking: When this column shows the Tracking text, your campaign is tracking user information.
- Click the drop-down arrow in the right-most column to view the available actions for a campaign. These actions include:
- Edit: Click Edit to open the Edit Phishing Campaign screen, which is similar to the campaign creation screen. Edit options as needed and then click Update Campaign at the bottom of the page to save your changes. Options that are grayed out cannot be changed.
- If you would like to change the frequency of a campaign from recurring to one-time, we recommend deactivating the campaign instead of editing it on this screen.
- Clone: Click Clone to create a copy of an existing campaign. The new campaign will have the same settings as the original, but with a new start time and the word "Clone" added to the campaign name.
- Deactivate: Click Deactivate to stop a campaign from running or recurring.
- Once a campaign has been deactivated, you will see Reactivate as an option in the action drop-down menu. For best results, we recommend creating a new campaign rather than reactivating an old campaign.
Note: One-time phishing campaigns do not have the option to be reactivated.
- Once a campaign has been deactivated, you will see Reactivate as an option in the action drop-down menu. For best results, we recommend creating a new campaign rather than reactivating an old campaign.
- Hide From Reports: Click Hide From Reports to remove this phishing campaign from all reports, Phish-prone Percentages, and user timelines.
- Once a campaign has been hidden, you will see Show in Reports as an option in the action drop-down menu. Click this option to include the phishing campaign data into your reports, Phish-prone Percentages, and user timelines.
- Delete: Click Delete to permanently delete a phishing campaign and all associated data, including recipients, failures, reports, and more. This action is permanent and cannot be undone.
- Edit: Click Edit to open the Edit Phishing Campaign screen, which is similar to the campaign creation screen. Edit options as needed and then click Update Campaign at the bottom of the page to save your changes. Options that are grayed out cannot be changed.
Comments
0 comments
Article is closed for comments.