Working with Phishing Campaigns
At KnowBe4, we are dedicated to helping you manage the ongoing threat of social engineering tactics, such as phishing attacks. Cybercriminals use phishing attacks to gain access to your personal information. To combat this issue, it is important that your users can identify red flags and possible threats in phishing emails.
Our Security Awareness Training platform offers a new-school approach to training users on the threat of phishing by allowing you to create phishing campaigns that send your users simulated phishing emails. These simulated attacks mimic actual phishing attacks and teach users how to stay alert. For more information about the phishing feature of our Security Awareness Training platform, use the jump links below.
Phishing Campaign Goals
Our Security Awareness Training is designed to help you:
- Determine what types of attacks your users are vulnerable to.
- Educate users on how to look for red flags.
- Calculate the Phish-prone Percentage.
How It Works
To get started with Security Awareness Training, create a phishing campaign. This campaign can include one phishing test or many. Once your campaign starts, your users will be sent simulated phishing emails. Your users either fall for the simulated phishing attack or report the email. Next, you can enroll your users in Security Awareness Training. You also have the option to establish continued phishing campaigns. Finally, you can monitor your users' progress to see their Phish-prone Percentage decline over time.
You can view our knowledge base articles for additional information about our phishing campaigns.
Types of Attacks
The phishing feature of our Security Awareness Training platform helps you to manage the ongoing problem of phishing attacks and to strengthen your human firewall. See the table for a list of the different types of simulated attacks that our platform offers.
- A phishing link attack includes a link that your users are prompted to click.
- An attachment attack directs your users to open an attachment.
- A data entry attack directs your users to a landing page that looks like a data entry screen and attempts to trick your users into entering sensitive information.
- A spear phishing attack allows you to send highly sophisticated and targeted phishing emails to specific users or groups.
- A reply-to attack requests a response from your users.
- A QR code attack includes a link within a QR code that your users are prompted to scan.
For more information about the types of simulated attacks that our platform offers, view our phishing campaigns article.
Phish Alert Button
Our free Phish Alert Button tool simplifies the process of reporting phishing attacks. Once installed, the Phish Alert Button is located within the toolbar of your email client and allows your users to report phishing attacks to administrators with one click. When your users report simulated phishing attacks using our Phish Alert Button, a small text box appears that congratulates them on reporting the phishing attack.
For more information on our Phish Alert Button, view our Phish Alert Button video.
You can generate reports in your console for insight into the effectiveness of your security awareness training program. We offer a wide range of reports in your console that can be generated by selecting the Reports tab, then by selecting the type of report that you would like to generate.
You can obtain additional reports about your phishing campaigns, such as a Comparison Report, by selecting the Reports tab under the Phishing section of your console.
For more information about generating reports, view our reporting article.
Simulated phishing attack failures are recorded through the Track Activity setting of your phishing campaign. The Track Activity setting independently tracks when your users open phishing emails, click on phishing links, open phishing attachments, or respond to the email. You can optionally set up remedial training campaigns, which will automatically enroll the users who fail your phishing test in a training campaign. This type of campaign ensures that users are motivated to stay alert.
For more information on monitoring your users' progress, view our monitoring progress article.
Based on your phishing campaign results, a Phish-prone Percentage is generated within your KnowBe4 console. Your organization’s Phish-prone Percentage is the percentage of users who are likely to fall victim to phishing attacks. Your organization's overall Phish-prone Percentage, or Account Average Phish-prone Percentage, is based on the Phish-prone Percentage of your active users who have received at least one Phishing Security Test. Each user also has an individual Phish-prone Percentage included in their user details, which lets you know how likely they are to fail a phishing test.
For more information on how your organization's Phish-prone Percentage is calculated, view our Phish-prone Percentage article.