Phishing Security Test Product Manual
To learn about this product, read the tutorial below or watch this brief Phishing Security Test video.
Follow these steps to complete your free Phishing Security Test. You will not be required to download or install any software. The default test is limited to 100 employees. Please contact us if you need to send more.
Signing Up for a Free Account
If you already have a free account, skip to the Setting Up a Phishing Security Test section.
- Sign up for a free account here: KnowBe4 Free Phishing Security Test.
- After entering your information, you can either click Get Started or click the link provided in the email we will send you.
- On the next page, you'll be prompted to enter your work email address. After you enter your email address, click Next to create a free account.
- You will receive an email asking you to activate your account. Click the link in the email to activate your free account.
- After you click the link, you will need to set up your free account. Enter your first and last name as well as a password for the account. Click Save & Continue.
- As the first person to sign in under your domain, you will be automatically set up as the Account Owner. Proceed to step 3 under Setting Up a Phishing Security Test.
Email addresses from publicly available email services such as Hotmail and Gmail cannot be used when signing up for or running the PST.
The Account Owner must use his or her corporate email address to sign up and this test will be limited to the domain of that corporate email address. For example, if you sign up with user@CompanyXYZ.com as your email address, you will only be able to test users with an “@CompanyXYZ.com” email address.
Setting Up a Phishing Security Test
It is vital that you whitelist us in your mail server (as well as any spam filter you are using) before setting up your phishing test, to ensure the emails reach your users. For whitelisting information, click here. Also consider that your mail server or mail filter may have rate limiting in place, which could prevent a large number of emails from being delivered at once; those settings might need to be adjusted.
- Log in to your free KnowBe4 account.
- Under Free Phishing Security Test, click the Get Started button to begin.
- On the page that follows, click Next Step.
- Select your industry and company size. Entering this data will allow you to compare your phishing test results to others in your industry.
- Choose which style of phishing template to use. There are five options: a basic Password Change request, a Human Resources announcement about the coronavirus (COVID-19), and three variations of the Password Change request template that match Office 365, GSuite, and Microsoft Exchange mail environments.
You can also choose the language that you want to send the template in by clicking the language drop-down option. By default, the displayed templates are shown in English. Once a language has been selected, the templates will preview and send in the selected language.
We recommend choosing a template that matches your email environment for the best results. You can preview each by clicking the Preview button. If you're unsure which template to choose, select the basic template. Clicking Skip this Step will select the basic Password Change template by default.
- Choose who you'd like to send this phishing test to. This page allows you to import up to 100 email addresses from your organization. To add these, simply type out or paste the email addresses into the box, one per line, with no commas or spaces. Click Next to move to the next step.
- Choose which landing page you would like your users to see upon failing the test. You can select either a 404 error page, so the user may assume they clicked on a broken link, or our Social Engineering Indicators (SEI) landing page, which lets the user know they failed a phishing test and then instructs them on the red flags that they should have looked out for on this particular phishing email.
If you skip this step, we will select the SEI landing page by default.
- If you haven't already done so, make sure you whitelist our mail servers and test that you can successfully receive our phishing emails. On our Review & Launch page, we provide links to our whitelisting documentation to guide you through this.
- After whitelisting, click the blue Preview and Send Test Email button. This is a sample of what your email will look like when your users receive it. You can toggle the red flags on and off, preview the landing page, and send yourself a test email by clicking the Send me a test email link on the top right.
- After sending the test email, check your mail and make sure you've received it. It may take up to ten minutes to arrive. You can confirm it has been delivered by checking the Test Email Delivery area towards the bottom of the page.
If you receive this email, you are ready to continue to the last step. If you do NOT receive the email, or it is filtered by your email system, please review our whitelisting instructions, which are linked in the instructions on the page, or click here for whitelisting information. Be sure to consider any spam filter service or device you have in place where we may also need to be whitelisted. You can also contact our support team for assistance.
- Once you've successfully whitelisted and are ready to start your test, click the Start your free PST now! button to begin. The test will send out a phishing email to all of the users you have entered. It will track any clicks on these emails for three days.
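As an added example (not KnowBe4 code), the script below pre-checks a recipient list against the limits this manual states before you paste it into the recipient step: one address per line, no commas or spaces, no public email services, the Account Owner's domain only, and at most 100 addresses. The function name, the public-domain set and the sample addresses are assumptions constructed for illustration.

```python
import re

MAX_RECIPIENTS = 100  # default test limit stated in the manual
# Assumption: illustrative set; the manual only names Hotmail and Gmail as examples.
PUBLIC_DOMAINS = {"hotmail.com", "gmail.com"}
# Deliberately simple shape check, not a full RFC 5322 parser.
ADDR_RE = re.compile(r"^[A-Za-z0-9._%+'-]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")

def validate_recipients(text, owner_email):
    """Return (accepted, problems); problems are (line_no, raw_line, reason)."""
    owner_domain = owner_email.rsplit("@", 1)[1].lower()
    accepted, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if raw == "":
            continue  # ignore empty lines between entries
        if "," in raw or any(ch.isspace() for ch in raw):
            problems.append((lineno, raw, "contains a comma or whitespace"))
            continue
        if not ADDR_RE.match(raw):
            problems.append((lineno, raw, "not a valid-looking address"))
            continue
        domain = raw.rsplit("@", 1)[1].lower()
        if domain in PUBLIC_DOMAINS:
            problems.append((lineno, raw, "public email service"))
        elif domain != owner_domain:
            problems.append((lineno, raw, "outside domain " + owner_domain))
        elif raw.lower() in seen:
            problems.append((lineno, raw, "duplicate address"))
        else:
            seen.add(raw.lower())
            accepted.append(raw)
    if len(accepted) > MAX_RECIPIENTS:
        problems.append((0, "", "more than %d addresses" % MAX_RECIPIENTS))
    return accepted, problems

# Constructed sample list (not real addresses).
SAMPLE = """alice@CompanyXYZ.com
bob@companyxyz.com, carol@companyxyz.com
 dave@companyxyz.com
erin@gmail.com
frank@othercorp.example
alice@companyxyz.com
grace@companyxyz.com
"""

if __name__ == "__main__":
    ok, bad = validate_recipients(SAMPLE, "user@CompanyXYZ.com")
    print("accepted:", ok)
    for line_no, raw, reason in bad:
        print("line %d: %r -> %s" % (line_no, raw, reason))
```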
Analyzing Your Results
After you run the test, you can return to your account at any time to view the results on the Dashboard page. You will be able to see your Phish-Prone Percentage, showing your vulnerability if a similar phishing attack were to occur within your organization. You will also see how your Phish-Prone Percentage compares with others in your industry, after one year of combined computer-based security awareness training and simulated phishing.
A PDF report will also be emailed to you automatically after 24 hours. If you would like to know who clicked, your rep or reseller can get you that information! If you do not know who your rep is, simply submit a support ticket and we'll assist you right away.
Armed with this knowledge, you can help protect your organization by teaching your users about the dangers of these types of attacks. Enrolling in KnowBe4's new school security awareness training can help you achieve this goal. Through KnowBe4, you can train your users to spot the warning signs and keep their skills sharp by sending fake phishing attacks much like the ones in this free tool. For more information, request a demo here.