Creating a Managed Phishing Campaign
A campaign can consist of either a single phishing test or a recurring series of tests done weekly, bi-weekly, monthly, or quarterly. You can define which accounts and groups to target. You can also select individual phishing templates for a one-time test or fully randomize system or managed templates so that users on your managed accounts are receiving different phishing templates at different times.
Note: In order to create a managed phishing campaign, admins will need to be granted the right permissions. This can be done from the Admins tab of your management platform. To learn more, please see the Editing a Partner Admin section of the Partner/Multi-Account: How to Manage Partner Admins article.
To create a new managed phishing campaign, navigate to the Phishing tab, and then click the + Managed Phishing Campaign button in the upper right-hand corner of the screen. This will take you to the New Managed Phishing Campaign screen. For more information about this screen, see the list below:
- Campaign Name: The first option is to choose a name for your managed phishing campaign. This will help you determine the purpose or scope of the campaign at a glance. Admins of the accounts you are creating a managed phishing campaign for will see this name as well.
- Send To: Click Select Accounts to select which accounts you want to include in this phishing campaign. Click Select Users or Groups to select either specific groups or All Users for each of the selected accounts. You also have the option to click Add All Account Users from Select Users or Groups instead of clicking All Users for each account.
Note: Managed accounts participating in the Phishing Template Beta cannot be included in managed phishing campaigns. These accounts will not be listed in this drop-down list. You can still create phishing campaigns from the individual accounts’ consoles.
- Frequency: Set the frequency for the managed phishing campaign using one of the options provided, or leave it as a one-time campaign. For ongoing phishing, we recommend testing your managed accounts at least monthly.
- Start Time: Set the time you want this managed phishing campaign to begin. This is useful if you want to plan out specific campaigns in the future, or do not want to start the campaign immediately. The default start time is 10 minutes from when you enter the campaign creation screen.
Note: The managed phishing campaign will not be visible in the managed account until the managed phishing campaign has started.
- Sending Period: Choose whether you want to send all your emails when the campaign starts, or set a period of time to send your emails. Depending on the Frequency option you selected, we recommend sending emails over 1 week for bi-weekly campaigns and over 3 weeks for monthly campaigns.
- Track Activity: Choose how long you would like to track activity on your phishing campaign. This period will begin after the last email is sent. The minimum tracking duration is 1 day, while the maximum is 6 months. The digit entered must be from 1 to 6. We recommend tracking activity for at least 3 days. Here, days refer to calendar days rather than business days.
Activity includes clicks, attachment opens, replies, data entry, as well as reporting by the Phish Alert Button (PAB). You and local admins can see this information from individually managed accounts on the Phishing tab.
- Track Replies to Phishing Emails: If you select this check box, you can track if users on your managed accounts are prone to responding to phishing emails. For more details on this feature, view our How to Use Reply-To Phishing article.
You and local admins can see this information from individually managed accounts on the Phishing tab.
- Template Categories: Choose the type of emails you will be sending in your phishing test. You can select one or more categories of emails from either system templates or managed templates. These categories will determine the types of emails you can have your campaign send out.
Note: If one of your managed accounts doesn't want to be tested with phishing emails that include attachments, you can disable any of the attachment attack vectors from the Phishing section of their Account Settings page. See our Account Settings Guide to learn more.
If you see categories that you don't want to use, you can hide categories in your System Templates area so that they don’t appear in your list of available categories when setting up a phishing campaign.
Next, choose any of the emails you would like to send out in the campaign. The menu will change dynamically based on the categories you chose from the email templates. You can select a specific email from the drop-down menu and select Preview to see what it will look like. You will also be able to quickly view the estimated difficulty rating of each template.
You can also select one of three randomizing options, which can help with the effectiveness of your campaign:
- Option 1: Random (same random email to all users) - This option chooses a random email from the selected categories and sends the same email to all users in your managed accounts. A different email is chosen for subsequent tests if the campaign is recurring. For this option, we recommend that you send all the emails out at once.
- Option 2: Full Random (random email to each user) - This option will randomly select a different email for each user in the test. The email chosen will come from among all the categories you checked. This is ideal to prevent the users in your managed accounts from easily identifying when a phishing test is occurring. For this option, we recommend that you send the emails out over a longer duration of time.
- Option 3: AIDA Selected (dynamically selected email to each user) - This option uses data from KnowBe4’s Artificial Intelligence Driven Agent (AIDA) to select the most relevant and challenging template for each user. When using AIDA Selected templates, choose multiple categories to ensure you have a minimum of 20 templates. Providing a large number of templates for AIDA to choose from allows for more variety in your campaign. For best results, we recommend using 50 templates or more.
- Send Localized Emails: Select this check box to send localized versions of the selected templates. For more information, see the Create a Localized Phishing Campaign section of our Localization Guide.
- Difficulty Rating: Here, you can select any of the difficulty ratings you would prefer to use for your campaign. You can select one or more difficulty ratings, and your list of templates will dynamically update to match this specification. A difficulty rating is applied to a template to estimate how sophisticated it is and how likely it is to trick the users in your managed accounts.
- Phish Link Domain: This is the domain that will appear if a user inspects the phishing link by hovering over it with their mouse without clicking. There are a variety of domains to choose from. Some domains are more obviously phishy than others. The default setting will randomize the domain for each campaign.
These domains are owned by us and are only used for phishing tests.
- Landing Page: If you would like to change the landing page that all users in your managed accounts will see, you may do so by selecting a landing page in the drop-down menu. If you leave Use Defaults as the option, the system will use the default landing page your managed accounts have defined in their Account Settings page. If no defaults are defined there, then the system will use the landing page that is associated with that particular email template.
- Send an email report to local account admin after each phishing test: Selecting this check box will send a report to all local admins on the accounts each time a phishing test is completed and include metrics such as Phish-prone Percentage and attachments opened.
- Hide from Reports: Selecting this check box removes all phishing campaign information from affected users in your managed accounts and from phishing reports. Hidden campaigns will not affect risk scores or Phish-prone Percentages. Campaigns used to test phishing functionality should be hidden, such as phishing campaigns that are created to test for whitelisting or the tracking of clicks on phishing links.
- Prevent campaign edits by local account admins: Selecting this check box prevents admins on your managed accounts from making edits to or deactivating this campaign.
Note: If this feature is disabled, campaigns that are edited by a local account admin will be unlinked from this campaign and you will no longer be able to manage that campaign from your management console.
- Once you are done specifying your campaign settings, click Create Managed Campaign.
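Before entering settings for many managed accounts, it can help to check a planned campaign against the limits and recommendations listed above. The following is an added example, not code from the platform or its vendor: the dictionary keys, mode names, and sample plans are hypothetical, tracking is recorded in days, and nothing here calls a platform API.

```python
from datetime import datetime, timedelta

# Sending periods this page recommends per frequency, in days.
RECOMMENDED_SEND_DAYS = {"bi-weekly": 7, "monthly": 21}

def tracking_ends(start, send_days, track_days):
    """Tracking begins after the last email is sent, so the window closes
    at start + sending period + tracking duration."""
    return start + timedelta(days=send_days + track_days)

def review_plan(plan):
    """Return findings for one planned campaign (hypothetical dict layout)."""
    findings = []
    mode, freq = plan["template_mode"], plan["frequency"]
    send_days, track_days = plan["send_days"], plan["track_days"]
    if track_days < 1:
        findings.append("ERROR: minimum tracking duration is 1 day")
    elif track_days < 3:
        findings.append("WARN: track activity for at least 3 days")
    if freq == "quarterly":
        findings.append("WARN: ongoing phishing is recommended at least monthly")
    if mode == "random" and send_days > 0:
        findings.append("WARN: Random uses one email for all users; send all at once")
    elif mode == "full_random" and send_days == 0:
        findings.append("WARN: Full Random is best sent over a longer duration")
    elif mode == "aida" and plan["template_count"] < 20:
        findings.append("ERROR: AIDA Selected needs a minimum of 20 templates")
    elif mode == "aida" and plan["template_count"] < 50:
        findings.append("WARN: 50 templates or more recommended for AIDA Selected")
    # Assumption: the 'send all at once' advice for Random takes precedence
    # over the per-frequency sending period.
    rec = RECOMMENDED_SEND_DAYS.get(freq)
    if rec and mode != "random" and send_days != rec:
        findings.append(f"WARN: {freq} campaigns: send over {rec} days")
    return findings

# Constructed sample plans; names and values are illustrative only.
PLAN_A = {"name": "Monthly AIDA", "frequency": "monthly", "template_mode": "aida",
          "template_count": 32, "send_days": 21, "track_days": 3}
PLAN_B = {"name": "Quarterly check", "frequency": "quarterly",
          "template_mode": "random", "template_count": 12,
          "send_days": 5, "track_days": 2}

if __name__ == "__main__":
    for plan in (PLAN_A, PLAN_B):
        end = tracking_ends(datetime(2025, 1, 6, 9, 0), plan["send_days"],
                            plan["track_days"])
        print(plan["name"], "tracking ends", end.isoformat())
        for finding in review_plan(plan):
            print("  ", finding)
```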