Menu English (US) Čeština Dansk Deutsch Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 日本語 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Português (Portugal) Română Русский svenska ไทย Türkçe Українська Tiếng Việt 简体中文 繁體中文

Creating and Managing Phishing Campaigns

Updated:

Created:

How to Use Phishing Campaigns

Routine phishing security tests are important to your organization’s cybersecurity as they help you determine which of your users are vulnerable to real attacks and reinforce your user's security awareness training. Phishing campaigns are used to customize and manage the phishing security tests you send. When you create a phishing campaign, you can choose who to send the tests to, which templates should be used, how often this test should occur, and customize the campaign in other ways.

Use the links below to learn how to create and manage phishing campaigns. You can also watch the phishing-related videos on our Tutorial Videos page, to learn about the various functions of KnowBe4's Phishing area.

Jump to:
Create a Phishing Campaign
Types of Phishing Tests

Managing Phishing Campaigns

 

Create a Phishing Campaign

Note

Make sure you import your users into the console before creating a phishing campaign. Click here to learn about importing users.

To create a phishing campaign, go to the Phishing tab of your Knowbe4 console. Then, click the +Create Phishing Campaign button in the upper right-hand corner to open the campaign creation screen.

Detailed below are the various options that are available on the Create Campaign page. The fields Campaign Name, Send to, and Template Categories are required, but we encourage you to customize your campaign settings as much as you like. Once you are happy with the campaign settings, click Create Campaign at the bottom of the page.

Click on one of the headers below for more information on a specific option. 

1. Campaign Name
Name your campaign something descriptive, such as "Monthly IT Test" or "Holiday-Themed Campaign". This name will help you to identify the campaign in other areas of the console.
This name can also help you keep track of the purpose or scope of the campaign when displayed in other areas of the console.
2. Send to
Select the users who should receive a phishing security test from this campaign. You can choose between All Users or Specific Groups.
If you choose Specific Groups, you must also select one or more user groups from the drop-down menu. 
3. Frequency
Select how often phishing security tests should be sent for this campaign.
If you select One-time, this campaign will send only one phishing security test for each user and the campaign will not reoccur.
4. Start Time

Set the time that this campaign should start. This is especially helpful if you want to create a campaign in advance. 

By default, phishing campaigns will use the time zone that is set in your Account Settings. If you would like the campaign to follow a different time zone, you can select the desired time zone from the drop-down menu.

5. Sending Period
Select when the phishing security tests will be sent, once the campaign starts. You can choose to send all of the emails at once or send the emails over a period of time.
  • Send all emails when the campaign starts
    Selecting this option will send phishing tests to all of the selected users when the campaign starts. Delivery takes about one second per email. This means users will not receive emails at the exact same time but they will receive them within a similar time period. 
  • Send emails over...
    Selecting this option will send phishing tests to the users at random, during the time period selected. You can enter a digit between 1 and 6 and choose from business days, weeks, or months.

For more information about sending and tracking periods, see our How to Monitor and Review Phishing Campaigns article.

6. Define Business Days and Hours
If you choose to send emails over a specified time period, the campaign will use the business hours that are set in your Account Settings by default. If you would like the campaign to follow different business hours, you can select the days and hours in this section.
Business days and hours will be respected no matter what sending duration you choose. This means, if you set your campaign to send emails for a month, emails will only be sent on the business days within that month and during your defined business hours.
7. Track Activity

Select how long you would like to track phishing test failures after the sending period ends. You can enter a number between one and six and choose from either days, weeks, or months. For more information about sending and tracking periods, see our How to Monitor and Review Phishing Campaigns article.

8. Track Replies to Phishing Emails
Enable this setting to track when your users reply to a simulated phishing email. Once this setting is selected, more options will display. In this section, you can set a custom reply-to domain, choose to record replies to phishing tests, and choose to record out of office replies. For more information on setting up a reply-to phishing campaign, see our Reply-To Phishing article. 
9. Template Categories and Template Selection

In this section, you can select which simulated phishing emails you would like to send to your users in this campaign. From the first drop-down menu, select one or more categories to use. Then, the templates from the selected categories will populate in the second drop-down menu. 

Using the second drop-down menu, we recommend choosing one of our Automated Template Selections: AIDA Selected, Full Random, or Random. For more information, see our Automated Template Selection article.

Alternatively, you can select a single template to send to all users enrolled in the campaign each time the campaign runs. Preview the selected email by clicking the Preview link to the right of the drop-down menu.

If you select a specific template, you can preview the email by clicking the Preview link to the right of the drop-down menu.

Tip: There are other settings in the KnowBe4 console to help you customize which templates are available for phishing campaigns. 

To hide specific templates or template categories, see our article titled How Do I Hide Templates or Categories I Don't Want to Use?.

To restrict templates that include attachments, see the Phishing section of our Account Settings article.

10. Send Localized Emails
Selecting this option will send localized versions of the selected templates, if available in a user's phishing language. For more information, see the Localized Phishing Campaign section of our Localization Guide.
11. Difficulty Rating
You can use this drop-down menu to filter email templates by difficulty rating. For more information on difficulty ratings, see this article.
12. Phish Link Domain 
The Phish Link Domain is the URL that displays when a user hovers their mouse over the simulated phishing link within a test email. This option is set to random by default, but you can select a specific domain to use from this drop-down list. Each domain is owned by KnowBe4 and is used only for phishing security tests. 
For information on available domains or how to hide a domain from use, see our Phishing Domain Management article. 
13. Landing Page
The Landing Page is the page that opens when a user clicks on a simulated phishing link. If the selected template has a corresponding landing page, the template-specific landing page will be used. If the selected template does not have a corresponding landing page, then the default landing page set in your Account Settings will be used. 
If you'd like to use a different landing page, you can select one from this drop-down menu. The selected landing page will be used for each test in this phishing campaign, regardless of the template.
For more information about landing pages, see this article.
14. Add Clickers To
You can use this option to automatically add users who fail a phishing test from this campaign to a specific user group. To learn how to use this option for remedial training, see this article.

Note:

Any change to this field after the campaign has been created will apply to the next phishing test that runs. Users who failed a phishing test prior to this change will not be retroactively added to the selected group.

15. Send an email report to account admins after each phishing test
Enable this option to automatically send a report to all account admins each time a phishing test from this campaign is completed. This report includes metrics such as phish-prone percentage, number of attachments opened, and more.
16. Hide from reports
Enable this option to hide the phishing campaign from user profiles and phishing reports. Hidden campaigns will not impact risk scores or Phish-prone Percentages.
We recommend using this option when running a test campaign for whitelisting or other phishing functionality tests. 

Back to top

 

Types of Phishing Tests

You can send a variety of phishing tests to your users to test them on different attack vectors. For more information about the types of phishing tests offered by KnowBe4, see our What Types of Simulated Phishing Tests Can I Send to My Users? article.

Back to top

 

Managing Phishing Campaigns

To manage your phishing campaigns, go to the Phishing tab of your KnowBe4 console, then click the Campaigns subtab. 

Phishing Campaigns Page

  1. You can filter which campaigns you are viewing by clicking Active, Inactive, Hidden, PhishFlip, or All
  2. This table lists phishing campaigns by name. For each campaign, you can see which user groups are receiving tests, how many tests will be sent, the current phish-prone %, the date and time of the last test, the status of the campaign, and the duration.

  3. Click the name of a campaign to view the individual campaign details. See our Monitoring and Reviewing Individual Phishing Campaigns article for more information. 

  4. View the status of the phishing campaign. The campaign may be in the Created, Pending, Active, or Closed status. For more information about the phishing campaign statuses, see the list below:
    • Created: Unless the phishing campaign has a One-time frequency, the Created status indicates that the PSTs in the campaign are not being scheduled yet. For One-time phishing campaigns, the Created status indicates that the PST has been scheduled, but the campaign has not started yet.
    • Pending: The PSTs in the campaign are being scheduled.
    • Active: The PSTs in the campaign have been scheduled, and the campaign is ongoing. 
    • Closed: The campaign is inactive. If the campaign is in the Active tab and has the Closed status, the campaign is temporarily inactive until the next PST begins. If the campaign is in the Inactive tab and has a Closed status, either the campaign had a One-time frequency and ended, or the campaign was manually deactivated by an admin. 

  5. View the duration of your campaign. This column will show one of two options: Sending or Tracking

    • Sending: When this column shows the Sending text, your campaign is sending out phishing campaign emails.
    • Tracking: When this column shows the Tracking text, your campaign is tracking user information.
  6. Click the drop-down arrow in the right-most column to view the available actions for a campaign. These actions include:
    • Edit: Click Edit to open the Edit Phishing Campaign screen, which is similar to the campaign creation screen. Edit options as needed and then click Update Campaign at the bottom of the page to save your changes. Options that are grayed out cannot be changed.
      • If you would like to change the frequency of a campaign from recurring to one-time, we recommend deactivating the campaign instead of editing it on this screen. 
    • Clone: Click Clone to create a copy of an existing campaign. The new campaign will have the same settings as the original, but with a new start time and the word "Clone" added to the campaign name.
    • Deactivate: Click Deactivate to stop a campaign from running or recurring. 
      • Once a campaign has been deactivated, you will see Reactivate as an option in the action drop-down menu. For best results, we recommend creating a new campaign rather than reactivating an old campaign. 
        Note: One-time phishing campaigns do not have the option to be reactivated.
    • Hide From Reports: Click Hide From Reports to remove this phishing campaign from all reports, Phish-prone Percentages, and user timelines.
      • Once a campaign has been hidden, you will see Show in Reports as an option in the action drop-down menu. Click this option to include the phishing campaign data into your reports, Phish-prone Percentages, and user timelines.
    • Delete: Click Delete to permanently delete a phishing campaign and all associated data, including recipients, failures, reports, and more. This action is permanent and cannot be undone. 

Back to top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles