Phishing Reply Test Product Manual
To learn about this product, read the below tutorial or watch this brief Phishing Reply Test video.
What is the Phishing Reply Test?
KnowBe4's Phishing Reply Test (PRT) is a web-based tool that helps you determine which of your users are most likely to reply to highly-targeted phishing attacks, such as Business Email Compromise (BEC) and CEO fraud attacks. These types of attacks work by tricking your user into completing a task for someone they think is one of their co-workers or even a C-level executive, but is actually an imposter. This task could be anything from providing sensitive information to wiring money. PRT can help you see how likely your users would be to fall for this type of attack should a real attack ever occur.
PRT allows you to send your users one of three pre-built phishing templates and tracks how many users reply. PRT will never save any of the information included in a reply. We only track whether the user replied, not the contents of that reply. We recommend spoofing someone from your own organization for more accurate results but make sure you get their permission first.
Follow these steps below to complete your free PRT. You will not be required to download or install any software. The default test is limited to 100 employees. Please contact us if you need to send to more.
Signing Up for a Free Account
If you already have a free account, skip to the Setting Up a Phishing Reply Test section.
- Sign up for a free account here: KnowBe4 Free Phishing Reply Test.
- After entering your information, you can either click Get Started or click the link provided in the email we will send you.
- On the next page, you'll be prompted to enter your work email address. After you enter your email address, click Next to create a free account.
- You will receive an email asking you to activate your account. Click the link in the email to activate your free account.
- After you click the link, you will need to set up your free account. Enter your first and last name as well as a password for the account. Click Save & Continue.
- You'll be redirected to the PRT wizard. As the first person to sign in under your domain, you will be automatically set up as the Account Owner. Proceed to step 3 under Setting Up a Phishing Reply Test.
Email addresses of publicly-available email services like Hotmail and Gmail cannot be used when signing up for or running the PRT.
The Account Owner must use his or her corporate email address to sign up and this test will be limited to the domain of that corporate email address. For example, if you sign up with user@CompanyXYZ.com as your email address, you will only be able to test users with an “@CompanyXYZ.com” email address.
Setting Up a Phishing Reply Test
- Log in to your free KnowBe4 account.
- Under the Free Phishing Reply Test, click the Get Started button.
- Enter the name and email of the sender you are trying to spoof in the corresponding fields. We recommend you use the email address of one of your C-level executives or the head of the department you are trying to spoof. Please make sure you have their permission to do so before sending the PRT.
- Choose which style of phishing template to use. We have three options: Accounting Fraud, IT Fraud, and CEO Fraud. You can preview each by clicking the Preview button. When you are finished, click Next Step to advance to the next page.
- Choose who you'd like to send this phishing reply test to. This page allows you to enter up to 100 email addresses from your organization. If you've already taken the Phishing Security Test (PST), you can import the user list you used for that test.
If manually adding emails:
Type out or paste the email addresses into the box, one per line, with no commas or spaces.
If importing emails from PST or SPT:
Click the Import Recipient List from PST or Import Recipient List from SPT buttons. The email addresses will automatically populate in the text box. Any text you already have in the field will be replaced by the imported list.
- If you haven't already done so, make sure you whitelist our mail servers and test that you can successfully receive our phishing emails. On our Review & Launch page, we provide links to our whitelisting documentation to guide you through this process.
- After whitelisting, click the blue Preview and Send Test Email button. This is a sample of what your email will look like when your users receive it. After previewing, you can send yourself a test email by clicking the Send me a test email link on the top right.
- After sending the test email, check your mail and make sure you've received it. This may take up to ten minutes to receive. You can make sure it has been delivered by checking the Test Email Delivery area towards the bottom of the page.
If you receive this email, you are ready to continue to the last step. If you do NOT receive the email or it is filtered by your email system, please review our whitelisting instructions which are linked to the instructions on the page, or you can click here for whitelisting information. Be sure to consider any spam filter service or device you have in place where we may need to be whitelisted as well. You can also contact our support team for assistance.
- Once you've successfully whitelisted and are ready to start your test, click the Start your free PRT now! button to begin. The test will send out a phishing email to all of the users you have entered. It will track any replies on these emails for three days.
Analyzing Your Results
After you run the test, you can return to your account at any time to view the results on the Dashboard page. Under Free Phishing Reply Test Results you will be able to see the status of your Phishing Reply Test, when the test was started, the total number of emails delivered, and the total number of users who opened and replied to the email test. The Users Replied percentage on the right shows how vulnerable you are if a similar phishing attack were to occur within your organization.
A PDF report will also be emailed to you automatically after 24 hours. You can view this PDF by clicking the Download PDF Report button under the Free Phishing Reply Test Results section of your Dashboard. If you would like to know who replied, your rep or reseller can get you that information. If you do not know who your rep is, submit a support ticket and we'll assist you right away.
Armed with this knowledge, you can help protect your organization by teaching your users about the dangers of these types of attacks. Enrolling in KnowBe4's new school security awareness training can help you achieve this goal. Through KnowBe4, you can train your users to spot the warning signs and keep their skills sharp by sending fake phishing attacks much like the ones in this free tool. For more information, request a demo here.