With reply-to phishing, you can test your users’ vulnerability to phishing attacks by tracking replies they send to Phishing Security Tests (PSTs) during a phishing campaign. You can download a user’s reply from the KSAT console and review it to help identify what additional training the user needs. To learn more, see the guide below or watch our Reply-To Phishing video.
Setting Up Reply-To Phishing
To enable reply-to phishing, navigate to the Phishing tab in your KSAT console and click the + Create Phishing Campaign button. Then, scroll down until you see the Track Activity section.
Fill out the fields in this section. For more information, see the screenshot and list below:
- Track Replies to Phishing Emails: You can select this check box to track your users' replies to phishing test emails.
- Custom Reply-to Address Domain: In this field, you can choose the domain of the reply-to address your users will see when they receive a phishing test email. The reply-to address is created automatically, but you can override its default domain by entering a different domain here.
- Keep reply content for later review: You can select this check box to save replies your users send to phishing test emails. The information saved includes text and attachments.
- Record out of office replies: Select this check box to count any auto-generated out-of-office replies to phishing emails as a failure. This setting can help you see if users include sensitive information in their out-of-office replies. For example, you can see if users include their work phone number and email address, which cybercriminals could use in targeted phishing attacks.
Downloading Replies
You can view your users' replies to see how they interact with the phishing test email. To view replies, follow the steps below:
- In your KSAT console, navigate to Phishing > Campaigns.
- Click the campaign you want to download responses from.
- From the campaign’s overview page, navigate to Users > Replied. When you click Replied, a table will display.
- Find the row for the user whose replies you want to download.
- In the same row, click the arrow icon.
- In the pop-up window that opens, click Download Raw Email.
If a user replies to the same phishing email multiple times, only the first reply is recorded. If a user sends sensitive information that you want to delete, click Delete Reply Content, located under Download Raw Email. Deleting recorded messages will not affect your active phishing campaign.
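Once a raw reply has been downloaded, the review step (did the user reply, was it an out-of-office auto-reply, and what did it disclose) can be scripted. The following Python snippet is an added example, not part of the KSAT product or this guide; it assumes the downloaded file is a standard RFC 5322 message and runs against a constructed sample reply.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Constructed sample of a downloaded raw reply (not a real KSAT export).
SAMPLE_RAW_REPLY = b"""\
From: Jane Doe <jane.doe@example.com>
To: IT Helpdesk <helpdesk@reply-domain.example>
Subject: Automatic reply: Password reset required
Auto-Submitted: auto-replied
Content-Type: text/plain; charset=utf-8

I am out of the office until Monday. For urgent matters call me at
+1 555-010-2222 or email jane.doe@example.com.
"""

# Loose patterns for the kinds of details the guide warns about
# (work phone numbers and email addresses in auto-replies).
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def is_out_of_office(msg: EmailMessage) -> bool:
    """Detect auto-generated replies via the Auto-Submitted header or subject."""
    auto = (msg.get("Auto-Submitted") or "").strip().lower()
    if auto and auto != "no":
        return True
    subject = (msg.get("Subject") or "").lower()
    return subject.startswith(("automatic reply", "out of office"))


def triage_reply(raw: bytes) -> dict:
    """Parse a raw reply and summarise what the user disclosed."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    attachments = [p.get_filename() or "<unnamed>" for p in msg.iter_attachments()]
    return {
        "sender": msg.get("From", ""),
        "out_of_office": is_out_of_office(msg),
        "phones": PHONE_RE.findall(body),
        "emails": EMAIL_RE.findall(body),
        "attachments": attachments,
    }


if __name__ == "__main__":
    print(triage_reply(SAMPLE_RAW_REPLY))
```

Feed the script each downloaded raw email to get a consistent summary per user, then decide whether the reply or the out-of-office disclosure is the training point.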
Checking Replies in Your KSAT Console
You can also see whether a user replied to a phishing email without reading their reply. To check replies, follow the steps below:
- Navigate to Phishing > Campaigns.
- Click the phishing campaign you want to view.
- On the campaign's overview page, click the Users tab. The Recipients table will display automatically.
- A check mark will display under the Replied column if that user replied to the phishing email.