Creating a Managed Phishing Campaign
A campaign can consist of either a single phishing test or a recurring series of tests done Weekly, Bi-Weekly, Monthly, or Quarterly. You can define which accounts and groups to target. You can also select individual phishing templates for a one-time test or fully randomize system or managed templates so that users on your managed accounts are receiving different phishing templates at different times
Note: In order to create a managed campaign, admins will need to be granted the right permissions. This can be done from the Admins tab of your management platform. To learn more, please see the Editing a Partner Admin section of the Managing Partner Admins in Your Account Management Portal article.
To create a new Managed Phishing Campaign, navigate to the Phishing tab and then, click the + Managed Phishing Campaign button in the upper right-hand corner of the screen. This will take you to the New Managed Phishing Campaign screen.
- Campaign Name: The first option is to choose a name for your Managed Phishing campaign. This will help you determine the purpose or scope of the campaign at a glance. Admins for the accounts you are creating a managed phishing campaign will see this name as well.
- Send To: Click Select Accounts to select which accounts you would like to include in this phishing campaign (click to view). Click Select Users or Groups to select either specific groups or select All Users for each of the selected accounts (click to view). You also have the option to click Add All Account Users from Select Users or Groups instead of clicking All Users for each account.
Note: Managed accounts participating in the Phishing Template Beta cannot be included in managed phishing campaigns. These accounts will not be listed in this drop-down list. You can still create phishing campaigns from the individual accounts’ consoles.
- Frequency: Set the frequency for the managed campaign using one of the options provided, or leave it as a one-time campaign. For ongoing phishing, we recommend testing your managed accounts at least monthly.
- Start Time: Set the time you want this managed campaign to begin. This is useful if you want to plan out specific campaigns in the future, or do not want to start the campaign immediately. The default start time is 10 minutes from when you entered the campaign creation screen.
Note: The managed phishing campaign will not be visible in the managed account until the managed phishing campaign has started.
- Sending Period: Choose whether you want to send all your emails when the campaign starts, or set a period of time to send your emails. Depending on the Frequency option you selected, we recommend sending emails over 1 week for bi-weekly campaigns and over 3 weeks for monthly campaigns.
- Track Activity x days/weeks/months after sending is complete: Choose how long you’d like to track activity on your phishing campaign. This period will begin after the last email is sent. The minimum tracking duration is 1 day, while the maximum is 6 months. The digit entered must be from 1 to 6. At a minimum, we recommend tracking activity for at least 3 days (here, days = calendar days, rather than business days).
Activity includes clicks, attachment opens, replies, data entry, as well as reporting by the Phish Alert Button. You and local admins can see this information from individual managed accounts from the Phishing tab.
- Track Replies to Phishing Emails: With this setting, you can track if users on your managed accounts are prone to responding to phishing emails. For more details on this feature, view our article on Reply-To Phishing.
You and local admins can see this information from individual managed accounts from the Phishing tab.
- Template Categories: Choose the type of emails you will be sending in your phishing test. This consists of selecting one or more categories of emails from either system templates or managed templates. These categories will determine the types of emails you can have your campaign send out.
Note: If one of your managed accounts doesn't wasn't to be tested with phishing emails that include attachments, you can disable any of the attachment attack vectors from the Phishing section of their Account Settings page. See this article to learn more.
If you see categories that you’d rather not use, you can hide categories in your System Templates area so that they don’t appear in your list of available categories when setting up a phishing campaign.
Next, choose the email(s) you'd like to send out in the campaign. The list will change dynamically based on the categories you chose from the email templates. You can select a specific email from the drop-down list and use the preview button to see what it will look like. You will also be able to quickly view the estimated difficulty rating of each template.
You can also select one of three randomizing options (explained below).
Randomizing emails - There are three other options available when choosing emails that can help you with the effectiveness of your campaign:
- Option 1: Random (same random email to all users in your managed accounts) - This option chooses a random email from the selected categories and sends the same email to all users in your managed accounts. A different email is chosen for subsequent tests if the campaign is recurring. For this option, we recommend that you send all the emails out at once.
- Option 2: Full Random (random email to each user) - This option will randomly select a different email for each user in the test. The email chosen will come from among all the categories you checked. This is ideal to prevent the users in your managed accounts from easily identifying when a phishing test is occurring. For this option, we recommend that you send the emails out over a longer duration of time.
- Option 3: AIDA Selected (dynamically selected email to each user) - This option uses data from KnowBe4’s Artificial Intelligence Driven Agent (AIDA) to select the most relevant and challenging template for each user. When using AIDA Selected templates, choose multiple categories to ensure you have a minimum of 20 templates. Providing a large number of templates for AIDA to choose from allows for more variety in your campaign. For best results, we recommend using 50 templates or more.
- Send Localized Emails: Select this check box to send localized versions of the selected templates. For more information, see the Create a Localized Phishing Campaign section of our Localization Guide.
- Difficulty Rating: The Difficulty Rating is a setting we apply to a template to estimate how sophisticated it is (meaning, how likely it is to trick the users in your managed accounts). Here you can select which difficulty rating(s) you’d prefer to use for your campaign. Select one or more difficulty ratings and your list of templates will dynamically update to match this specification.
- Phish Link Domain: This is the domain that will appear if a user inspects the phishing link by mousing over it (without clicking). There are a variety of domains to choose from (some more obviously “phishy” than others!). The default setting will randomize the domain for each campaign.
These domains are owned by us and are only used for phishing tests.
- Landing Page: If you'd like to change the landing page that all users in your managed accounts will see, you may do so by selecting a landing page here. If you leave Use Defaults as the option, the system will use the default landing page your managed accounts have defined in their Account Settings page. If no defaults are defined there, then the systems will use the landing page that is associated with that particular email template.
- Send an email report to local account admin after each phishing test: This will send a report to all local admins on the accounts each time a phishing test is completed and include metrics such as phish-prone percentage, attachments opened, etc.
- Hide this campaign from reports: This option removes all phishing campaign information from affected users in your managed accounts and from phishing reports. Hidden campaigns will not affect risk scores or Phish-prone percentages. Campaigns used to test phishing functionality should be hidden. For example, phishing campaigns that are created to test for whitelisting or the tracking of clicks on phishing links.
- Prevent campaign edits by local account admins: When enabled, this option prevents admins on your managed accounts from making edits to or deactivating this campaign.
Note: If this feature is disabled, campaigns that are edited by a local account admin will be unlinked from this campaign and you will no longer be able to manage that campaign from your management console.
- Once you are done specifying your campaign settings, click Create Managed Campaign.