Creating a Managed Phishing Campaign
A campaign can consist of either a single phishing test or a recurring series of tests done Weekly, Bi-Weekly, Monthly, or Quarterly. You can define which accounts and groups to target. You can also select individual phishing templates for a one-time test or fully randomize system or managed templates so that users on your managed accounts are receiving different phishing templates at different times
In order to create a managed campaign, admins will need to be granted the right permissions. This can be done from the Admins tab of your management platform. To learn more, please see the Editing a Partner Admin section of the Managing Partner Admins in Your Account Management Portal article.
To create a new Managed Phishing Campaign, navigate to the Phishing tab and then, click the + Managed Phishing Campaign button in the upper right-hand corner of the screen. This will take you to the New Managed Phishing Campaign screen.
- Campaign Name - The first option is to choose a name for your Managed Phishing campaign. This will help you determine the purpose or scope of the campaign at a glance. Admins for the accounts you are creating a managed phishing campaign will see this name as well.
- Send To - Use the Accounts selector (click to view) to select which accounts you would like to include in this phishing campaign. Then, from the Groups selector (click to view), select either specific groups or select All Users for each of the selected accounts. You also have the option to select Target All Users on all selected accounts (click to view) from the Groups selector instead of selecting All Users for each account.
- Frequency - Set the frequency for the managed campaign using one of the options provided, or leave it as a one-time campaign. For ongoing phishing, we recommend testing your managed accounts at least monthly.
- Start Time - Set the time you want this managed campaign to begin. This is useful if you want to plan out specific campaigns in the future, or do not want to start the campaign immediately. The default start time is 10 minutes from when you entered the campaign creation screen.
The managed phishing campaign will not be visible in the managed account until the managed phishing campaign has started.
- Send all emails when the campaign starts - Selecting this option will send out the phishing emails to all the users at once. The time it sends is based on the start time defined in this form. It may take several minutes for all the emails to be delivered. Please be aware that every recipient adds approximately 1 second to the delivery duration. For example, if you have 500 recipients, it will take approximately 500 seconds (8.3 minutes) to deliver all the emails.
- Send emails over ‘X’ business days/weeks/months - Selecting this option will randomly spread the phishing emails out over the selected time frame. The minimum sending duration is 1 day, while the maximum is 6 months. The digit entered must be from 1 to 6. The emails will be delivered based on the time zone and business days and hours that are defined for each local account in their Account Settings.
If the business hours or days are changed on the local account after the campaign is started, the campaign will continue to use the business hours that were defined in that account at the time the campaign was created. In order to have the campaign use the new business days or hours instead, you will need to change the business hours for that specific campaign in the local account. Please note that if you change the campaign from the local account, this will unlink the campaign from the managed phishing campaign. Alternatively, you could create a new managed phishing campaign.
- Track Activity x days/weeks/months after sending is complete - Choose how long you’d like to track activity on your phishing campaign. This period will begin after the last email is sent. The minimum tracking duration is 1 day, while the maximum is 6 months. The digit entered must be from 1 to 6. At a minimum, we recommend tracking activity for at least 3 days (here, days = calendar days, rather than business days).
Activity includes clicks, attachment opens, replies, data entry, as well as reporting by the Phish Alert Button. You and local admins can see this information from individual managed accounts from the Phishing tab.
- Track Replies to Phishing Emails - With this setting, you can track if users on your managed accounts are prone to responding to phishing emails. For more details on this feature, view our article on Reply-To Phishing.
You and local admins can see this information from individual managed accounts from the Phishing tab.
- Template Categories - Choose the type of emails you will be sending in your phishing test. This consists of selecting one or more categories of emails from either system templates or managed templates. These categories will determine the types of emails you can have your campaign send out.
If one of your managed accounts doesn't wasn't to be tested with phishing emails that include attachments, you can disable any of the attachment attack vectors from the Phishing section of their Account Settings page. See this article to learn more.
If you see categories that you’d rather not use, you can hide categories in your System Templates area so that they don’t appear in your list of available categories when setting up a phishing campaign.
Next, choose the email(s) you'd like to send out in the campaign. The list will change dynamically based on the categories you chose from the email templates. You can select a specific email from the drop-down list and use the preview button to see what it will look like. You will also be able to quickly view the estimated difficulty rating of each template.
You can also select one of three randomizing options (explained below).
Randomizing emails - There are three other options available when choosing emails that can help you with the effectiveness of your campaign:
- Option 1: Random (same random email to all users in your managed accounts) - This option chooses a random email from the selected categories and sends the same email to all users in your managed accounts. A different email is chosen for subsequent tests if the campaign is recurring. For this option, we recommend that you send all the emails out at once.
- Option 2: Full Random (random email to each user) - This option will randomly select a different email for each user in the test. The email chosen will come from among all the categories you checked. This is ideal to prevent the users in your managed accounts from easily identifying when a phishing test is occurring. For this option, we recommend that you send the emails out over a longer duration of time.
- Option 3: AIDA Selected (dynamically selected email to each user) - This option uses data from KnowBe4’s Artificial Intelligence Driven Agent (AIDA) to select the most relevant and challenging template for each user. When using AIDA Selected templates, choose multiple categories to ensure you have a minimum of 20 templates. Providing a large number of templates for AIDA to choose from allows for more variety in your campaign. For best results, we recommend using 50 templates or more.
- Difficulty Rating - The Difficulty Rating is a setting we apply to a template to estimate how sophisticated it is (meaning, how likely it is to trick the users in your managed accounts). Here you can select which difficulty rating(s) you’d prefer to use for your campaign. Select one or more difficulty ratings and your list of templates will dynamically update to match this specification.
- Phish Link Domain- This is the domain that will appear if a user inspects the phishing link by mousing over it (without clicking). There are a variety of domains to choose from (some more obviously “phishy” than others!). The default setting will randomize the domain for each campaign.
These domains are owned by us and are only used for phishing tests.
- Landing Page - If you'd like to change the landing page that all users in your managed accounts will see, you may do so by selecting a landing page here. If you leave Use Defaults as the option, the system will use the default landing page your managed accounts have defined in their Account Settings page. If no defaults are defined there, then the systems will use the landing page that is associated with that particular email template.
- Send an email report to local account admin after each phishing test - This will send a report to all local admins on the accounts each time a phishing test is completed and include metrics such as phish-prone percentage, attachments opened, etc.
- Hide this campaign from reports - This option removes all phishing campaign information from affected users in your managed accounts and from phishing reports. Hidden campaigns will not affect risk scores or Phish-prone percentages. Campaigns used to test phishing functionality should be hidden. For example, phishing campaigns that are created to test for whitelisting or the tracking of clicks on phishing links.
- Prevent campaign edits by local account admins - When enabled, this option prevents admins on your managed accounts from making edits to or deactivating this campaign.
If this feature is disabled, campaigns that are edited by a local account admin will be unlinked from this campaign and you will no longer be able to manage that campaign from your management console.
Once you are done specifying your campaign settings, click Create Managed Campaign.