Working with Phishing Campaigns
At KnowBe4, we are dedicated to helping you manage the ongoing threat of social engineering tactics, such as phishing attacks. Cybercriminals use phishing attacks to gain access to your personal information. To combat this issue, it's important that your users can identify red flags and possible threats in phishing emails.
Our KMSAT console offers a new-school approach to training users on the threat of phishing by allowing you to create phishing campaigns that send your users simulated phishing emails. These emails mimic actual phishing attacks to help teach your users how to stay alert and look out for red flags.
To learn more about phishing campaigns, read the sections below or visit the Phishing Campaigns section of our Knowledge Base.
How It Works
After setting up your KMSAT console, you can create a phishing campaign to best fit your organization's needs. You can choose how many Phishing Security Tests (PSTs) you would like to send, and you can customize your campaign using different categories and templates. You also have the option to set up ongoing phishing tests.
PSTs are sent to your users once a campaign starts. If your organization uses the Phish Alert Button (PAB), your users can use this button to report the PSTs. Users who fail the PSTs can be enrolled in training campaigns to help them better identify possible phishing threats. You can also monitor your users' progress in your KMSAT console.
Types of Attacks
You can use the phishing feature in your KMSAT console to help manage the ongoing problem of phishing attacks. The table below lists the different types of simulated attacks we offer.
A phishing link attack includes a link that your users are prompted to click.
An attachment attack directs your users to open an attachment.
A data entry attack directs your users to a landing page that looks like a data entry screen and attempts to trick your users into entering sensitive information.
A spear phishing attack allows you to send sophisticated and targeted phishing emails to specific users or groups.
A reply-to attack requests a response from your users.
A QR code attack includes a link within a QR code that your users are prompted to scan.
A callback phishing attack includes a phone number that your users are prompted to call, and a callback code to enter during the call. Users are also prompted to enter additional personal information during the call.
For more information about the types of simulated attacks that our platform offers, visit our What Types of Simulated Phishing Tests Can I Send to My Users? article.
Phish Alert Button (PAB)
Our free Phish Alert Button (PAB) tool simplifies the process of reporting phishing attacks. Once installed, the PAB displays in the toolbar of your email client and allows your users to report phishing emails to your organization with one click. When your users report a simulated phishing email using the PAB, a small text box displays, congratulating them on reporting the phishing email.
For more information about the PAB, visit the Phish Alert Button articles on our Knowledge Base.
We offer a wide range of reports that you can generate on the Reports tab of your KMSAT console, including phishing reports. You can customize these reports to include specific data to help you monitor your security awareness program.
You can also obtain additional reports by navigating to Phishing > Reports in your KMSAT console. Here you can view data about specific campaigns and even compare data for failures and reported emails.
For more information about generating reports, visit our Security Awareness Training Platform Reporting Overview article.
You can monitor results for a specific campaign by navigating to Phishing > Campaigns and clicking the name of the campaign. Here you can view information such as the Phish-prone Percentage, campaign status, failures, and more.
Phishing Security Test (PST) failures are based on the time you chose for the Track Activity setting when creating the phishing campaign. This setting helps you track activity in PSTs, such as when users open emails, click links, and open attachments. If you've selected the Track Replies to Phishing Emails check box, any user who replies to the simulated phishing emails will also be tracked. If you've set up remedial training campaigns, users who fail PSTs can be enrolled in training automatically to help them improve their security awareness knowledge.
For more information on monitoring your users' progress, visit our How to Monitor and Review Overall Phishing Reports article.
Based on your phishing campaign results, a Phish-prone Percentage is generated in your KMSAT console. Your organization’s Phish-prone Percentage is the percentage of users who are likely to fall victim to phishing attacks. Your organization's overall Phish-prone Percentage, or account average Phish-prone Percentage, is based on the Phish-prone Percentage of your active users who have received at least one PST. Each user also has an individual Phish-prone Percentage included in their user details, which lets you know how likely they are to fail a phishing test.
For more information on how your organization's Phish-prone Percentage is calculated, visit our Failures and Phish-prone Percentage article.