Follow these steps to complete your free Phishing Security Test. You will not be required to download or install any software. The default test is limited to 100 employees. Please contact us if you need to send to more.
It is vital that you whitelist us in your mail server (as well as any spam filter you are using) prior to setting up your phishing test to ensure the emails will reach your users. For whitelisting information, click here. Our recommendation: if you’re not using a spam filter, whitelist our IPs in your mail server. If you are using a spam filter, whitelist our IPs in your spam filter and whitelist by email header in your mail server.
Sign up for a free account here: KnowBe4 Free Phishing Security Test. After entering your information, you will be redirected to this page, where you'll enter your email address at your company's domain.
As the first person to sign in under your domain, you will be automatically set up as the Account Owner.
Email addresses of publicly-available email services like Hotmail and Gmail are not allowed.
The Account Owner must use his or her corporate email address to sign up and this test will be limited to the domain of that corporate email address. For example, if you sign up with user@CompanyXYZ.com as your email address, you will only be able to test users with an “@CompanyXYZ.com” email address.
Next, you will be sent a confirmation email which contains an activation link. Check your email and click on the Activate my account link to confirm your KnowBe4 account. Check your spam folder if the confirmation email does not arrive in a few minutes, and whitelist KnowBe4 in your antispam software or appliance. Click here to see our whitelisting document.
Once you have clicked the confirmation link in your email, you’ll be taken to the account set up page. Fill out the form and click Save & Continue.
Success! Now you have an account and you can start setting up your test. Under Free Phishing Security Test, click the Get Started button to begin. Then, on the page that follows, click Next Step.
Free Phishing Security Test Wizard
The first thing you will want to do is choose what style of phishing template to use. We have four options: A basic Password Change request, and then three variations of that template which match Office 365, GSuite, and Microsoft Exchange mail environments.
We recommend choosing a template that matches your email environment for the best results. If you're unsure of which template to choose, select the basic template. Clicking to skip this step will select the basic Password Change template by default.
Next, choose who you'd like to send this phishing test to. This page allows you to import up to 100 email addresses from your organization. To add these, simply type out or paste the email addresses into the box, one per line, with no commas or spaces. Click Next to move to the next step.
Next, choose what landing page you would like your users to see upon failing the test. You can select either a 404 error page, so the user may assume they clicked on a broken link, or our Social Engineering Indicators (SEI) landing page, which lets the user know they failed a phishing test and then instructs them on the red flags that they should have looked out for on this particular phishing email.
If you skip this step, we will select the SEI landing page by default.
Now you'll want to make sure you whitelist our mail servers and test that you can successfully receive our phishing emails. On our Review & Launch page, we provide links to our whitelisting documentation to guide you through this.
After whitelisting, click the blue Preview and Send Test Email button. This is a sample of what your email will look like when your users receive it. You can toggle the red flags on and off, preview the landing page, and send yourself a test email by clicking the Send me a test email link on the top right.
After sending the test email, check your mail and make sure you've received it. This may take up to ten minutes to receive. You can make sure it has been delivered by checking the Test Email Delivery area towards the bottom of the page.
If you receive this email, GREAT! You are ready to continue to the last step. If you do NOT receive the email or it is filtered by your email system, please review our whitelisting instructions which are linked to in the instructions on the page, or you can CLICK HERE FOR WHITELISTING INFORMATION. Be sure to consider any spam filter service or device you have in place where we may need to be whitelisted as well. You can also contact our support team for assistance.
Once you've successfully whitelisted and are ready to start your test, click the Start your free PST now! button to begin. The test will send out a phishing email to all of the users you have entered. It will track these emails for three days and you will be able to view the percentage of users who clicked on the phishing link in your results page.
Once the test has been created, you can return to your account and view the results on the Dashboard page. You will be able to see your Phish-Prone Percentage, showing your vulnerability if a similar phishing attack were to occur at your organization.
A PDF report will also be emailed to you automatically after 24 hours. If you would like to know who clicked, your rep or reseller can get you that information! If you do not know who your rep is, simply submit a support ticket and we'll assist you right away.