Creating and Managing Phishing Campaigns

Phishing campaigns help your organization identify users who are vulnerable to phishing attacks. With phishing campaigns, you can train your users to reduce the chance of them falling for phishing attacks. To learn more about creating phishing campaigns, follow the steps below or watch our Creating Phishing Campaigns video.

Jump to:

Create a Phishing Campaign

Managing Phishing Campaigns

Create a Phishing Campaign

To create a phishing campaign, go to your KMAST console and navigate to Phishing > +Create Phishing Campaign. On the New Phishing Campaign page, you can customize your phishing campaign.

1. Campaign Name: Enter a name for your phishing campaign here. This is a required field.
2. Send to: Select either All Users or Specific Groups to receive your phishing campaign. If you choose Specific Groups, you must select a group from the drop-down menu. This is a required field.
3. Frequency: Select how often you would like to send Phishing Security Tests (PSTs) for this campaign. If you select One-time, this campaign will send one PST to each user and then finish. We recommend selecting either Bi-weekly or Monthly.
4. Start Time: Set the date, time, and time zone you would like your phishing campaign to start. Your default time zone is the one set in your Account Settings.
5. Sending Period: Select when to start sending PSTs. You can choose to send all of the emails at once or over a period of time.
   • Send all emails when the campaign starts
     Selecting this option sends PSTs to all selected users when the campaign starts. Users will not receive the email at the same time but will receive it on the same day.
   • Send emails over...
     Selecting this option will send phishing tests to the users at random, during the time period selected. You can enter a number between one and six and pick business days, weeks, or months.

   For more information about sending and tracking periods, see our How to Monitor and Review Phishing Campaigns article.

6. Define Business Days and Hours: By default, your campaign will only send emails during the business hours set in your Account Settings. You can change the hours your emails are sent by entering a start and end time in this field. You can also choose what days you would like emails to be sent by selecting the date check boxes.
7. Track Activity: Select how long you would like to track phishing failures after the sending period ends. You can enter a number between one and six and choose from either days, weeks, or months.

   A campaign will track activity until the campaign’s end date. The campaign’s end date is a combination of three values: the date of the first email, the sending duration, and the tracking duration.

   • Date of the first email: This represents the date, in Pacific Standard Time (PST), of the first email sent during the phishing campaign. 
   • Sending duration: This represents the period of time when your phishing campaign emails were all sent out.
   • Tracking duration: This represents the period of time you track emails from your phishing campaign.

   For more information about sending and tracking periods, see our How to Monitor and Review Phishing Campaigns article.

8. Track Replies to Phishing Emails: Select this check box to track your user’s replies to phishing emails. For more information about tracking replies, see our How to Use Reply-To Phishing article.
9. Template Categories: Select the phishing template you want to send. You can select one or more phishing template categories from the first drop-down menu. Select the type of template you want to use in the second drop-down menu. You can preview the template you selected by clicking on the Preview link. By default, no template categories are selected and your templates will be random. This is a required field.

   Using the second drop-down menu, we recommend choosing one of our Automated Template Selections: AIDA Selected, Full Random, or Random. For more information, see our Automated Template Selection article.

   Tip: If you’re interested in further customizing your phishing templates, see our How Do I Hide Templates or Categories I Don’t Want to Use? and KMSAT Account Settings: Phishing articles.
10. Send Localized Emails: Select this check box to send localized versions of the selected templates. For more information, see the Create a Localized Phishing Campaign section of our Localization Guide.
11. Difficulty Rating: Select the difficulty rating for your phishing campaign from the drop-down menu. For more information about difficulty levels, see our What Are Template Difficulty Ratings and How Can I Use Them? article.
12. Phish Link Domain: Select the domain you would like to display for phishing links in your campaign from the drop-down menu. Each domain is owned by KnowBe4 and is only used for PSTs. By default, this field will select a random domain. For more information on available domains or how to hide a domain from use, see our How to Manage Phish Link Domains article.
13. Landing Page: Select the landing page you want to use for your phishing campaign from the drop-down menu. Landing pages are what your users see when they fail a phishing test. If you customized a landing page for your campaign, it will be automatically selected in this field. For more information about landing pages, see our How to Change the Landing Page on Your Phishing Campaign and How to Create and Edit Email Templates and Landing Pages articles.
14. Add Clickers to: Select a user group you want to add your users who failed their phishing tests. For more information about setting up remedial training, see our How to Set Up a Remedial Training Campaign article.
    Note: Applying any changes to this field will affect the next phishing campaign. Users who failed phishing tests before this change will not be added to the newly selected group.
15. Send an email report to account admins after each phishing test: Select this check box to automatically send a report to all account admins each time a phishing test finishes. The reports include metrics such as Phish-prone Percentage, number of attachments opened, and more.
16. Hide from Reports: Select this check box to hide the phishing campaign from user profiles and phishing reports. Hidden campaigns will not impact Risk Scores or Phish-prone Percentages. We recommend using this option when running a test campaign for whitelisting or other phishing functionality tests.

    Once you’ve finished customizing your phishing campaign, click Create Campaign to save all changes.

    You can test your users with different types of phishing tests. For more information about different types of phishing tests, see our What Types of Simulated Phishing Tests Can I Send to My Users? article.

Back to top

Managing Phishing Campaigns

To manage your phishing campaigns, go to your KMAST console and navigate to Phishing > Campaigns.

1. You can filter campaigns by clicking Active, Inactive, Hidden, or All.
2. Here you can find a list of phishing campaigns sorted by their name in alphabetical order. You can see each campaign’s groups, amount of tests, Phish-prone Percentage, the date and time of the last test, the campaign status, and the duration of the campaign.
3. Click the campaign name to view details about that campaign. For more information, see our How to Monitor and Review Phishing Campaigns article.
4. The status of the phishing campaign will be listed here. The status can be Created, Pending, Active, Closed, or Error:
   • Created: The campaign is created but is not currently active. For one-time phishing campaigns, Created indicates the campaign is scheduled to start.
   • Pending: The phishing campaign is scheduled and waiting to be sent.
   • Active: The phishing campaign is ongoing.
   • Closed: The campaign is inactive. If the campaign is in the Active subtab and has the Closed status, the campaign is temporarily inactive until the next PST begins. If the campaign is in the Inactive subtab and has a Closed status, either the campaign had a one-time frequency and ended, or the campaign was manually deactivated by an admin. 
5. View the duration of your campaign. The duration will either be Sending or Tracking:
   • Sending: Your campaign is sending out phishing emails.
   • Tracking: Your campaign is tracking user information.
6. Click the drop-down arrow in the Actions column to Edit, Clone, Deactivate, Hide from Reports, or Delete a campaign:
   • Edit: Opens the Edit Phishing Campaign page. You can adjust your phishing campaign as needed and click Update Campaign to save your changes. Options that are grayed out cannot be changed.
   Note: If you want to change the frequency of your campaign to One-time, we recommend deactivating the campaign and creating a new one.
   • Clone: Create a copy of an existing campaign. Your cloned campaign will have the same settings aside from a new start time and the word "Clone" in the campaign name. You can remove “Clone” from the title by editing the campaign.
   • Deactivate: Stop your campaign from running or recurring.
     • Once a campaign is deactivated, you will see Activate as an option in the Actions drop-down menu. If you'd like to run the campaign again, we recommend creating a new campaign instead of reactivating the existing campaign. Creating a new campaign will help prevent discrepancies and gaps in your reporting that could be caused by a campaign being inactive.
     Note: One-time phishing campaigns can’t be reactivated.
   • Hide From Reports: Remove this phishing campaign from all reports, Phish-prone Percentages, and user timelines.
     
     • Once a campaign is hidden, you will see Show in Reports as an option in the Actions drop-down menu. This will include the phishing campaign data in your reports, Phish-prone Percentages, and user timelines.
   • Delete: Permanently delete a phishing campaign and all data, including recipients, failures, reports, and more. This action can’t be undone.

Back to top