Phishing Security Tests

Phishing Campaigns Overview

At KnowBe4, we are dedicated to helping you manage the ongoing threat of social engineering tactics, such as phishing attacks. Cybercriminals use phishing attacks to gain access to your personal information. To combat this issue, it's important that your users can identify red flags and possible threats in phishing emails.

Our KSAT console offers a new-school approach to training users on the threat of phishing by allowing you to create phishing campaigns that send your users simulated phishing emails. These emails mimic actual phishing attacks to help teach your users how to stay alert and look out for red flags.

To learn more about phishing campaigns, read the sections below or visit the Phishing Campaigns section of our Knowledge Base.

How It Works

After setting up your KSAT console, you can create a phishing campaign to best fit your organization's needs. You can choose how many Phishing Security Tests (PSTs) you would like to send, and you can customize your campaign using different categories and templates. You also have the option to set up ongoing phishing tests.

PSTs are sent to your users once a campaign starts. If your organization uses the Phish Alert Button (PAB), your users can use this button to report the PSTs. Users that fail the PSTs can be enrolled in training campaigns to help them better identify possible phishing threats. You can also monitor your users' progress in your KSAT console.

Types of Attacks

You can use the phishing feature in your KSAT console to help manage the ongoing problem of phishing attacks. The table below lists the different types of simulated attacks we offer.

| Attack Type | Description |
| --- | --- |
| Phishing Link | A phishing link attack includes a link that your users are prompted to click. |
| Attachment | An attachment attack directs your users to open an attachment. |
| Data Entry | A data entry attack directs your users to a landing page that looks like a data entry screen and attempts to trick your users into entering sensitive information. |
| Spear Phishing | A spear phishing attack allows you to send sophisticated and targeted phishing emails to specific users or groups. |
| Reply-To | A reply-to attack requests a response from your users. |
| QR Code | A QR code attack includes a link within a QR code that your users are prompted to scan. |
| Callback Phishing | A callback phishing attack includes a phone number that your users are prompted to call, and a callback code to enter during the call. They will also be prompted to enter additional personal information during the call. |

For more information about the types of simulated attacks that our platform offers, visit our What Types of Simulated Phishing Tests Can I Send to My Users? article.

Phish Alert Button (PAB)

Our free Phish Alert Button (PAB) tool simplifies the process of reporting phishing attacks. Once installed, the PAB displays in the toolbar of your email client and allows your users to report phishing emails to your organization with one click. When your users report a simulated phishing email using the PAB, a small text box displays that congratulates them on reporting the phishing email.

For more information about the PAB, visit the Phish Alert Button articles on our Knowledge Base. 


Reports

We offer a wide range of reports that you can generate on the Reports tab of your KSAT console, including phishing reports. You can customize these reports to include specific data to help you monitor your security awareness program.

You can also obtain additional reports by navigating to Phishing > Reports in your KSAT console. Here you can view data about specific campaigns and even compare data for failures and reported emails.

For more information about generating reports, visit our Security Awareness Training Platform Reporting Overview article. 

Monitoring Progress

You can monitor results for a specific campaign by navigating to Phishing > Campaigns and clicking the name of the campaign. Here you can view information such as the Phish-prone Percentage, campaign status, failures, and more.

Phishing Security Test (PST) failures are based on the time you chose for the Track Activity setting when creating the phishing campaign. This setting helps you track activity in PSTs, such as when users open emails, click links, and open attachments. If you've selected the Track Replies to Phishing Emails check box, any user who replies to the simulated phishing emails will also be tracked. If you've set up remedial training campaigns, users who fail PSTs can be enrolled in training automatically to help them improve their security awareness knowledge.

For more information on monitoring your users' progress, visit our How to Monitor and Review Overall Phishing Reports article.

Phish-prone Percentage

Based on your phishing campaign results, a Phish-prone Percentage is generated in your KSAT console. Your organization’s Phish-prone Percentage is the percentage of users who are likely to fall victim to phishing attacks. Your organization's overall Phish-prone Percentage, or account average Phish-prone Percentage, is based on the Phish-prone Percentage of your active users who have received at least one PST. Each user also has an individual Phish-prone Percentage included in their user details, which lets you know how likely they are to fail a phishing test. 

For more information on how your organization's Phish-prone Percentage is calculated, visit our Failures and Phish-prone Percentage article. 
