Smart Groups

Share

Is this article helpful?

Last updated:

Smart Groups Phishing Automation Guide

In this article, you’ll learn how to use Smart Groups to build an automated dynamic phishing process. Dynamic phishing allows you to automatically send Phishing Security Tests (PSTs) that challenge your users’ existing security awareness skills. The additional phishing processes in this article allow you to group your users by a variety of phishing metrics, such as how many PSTs each user has reported.

For general information about using Smart Groups, see our Smart Groups Quickstart Guide.

Automated Dynamic Phishing Process

With Smart Groups, you can automate your phishing campaigns so that users receive PSTs based on their security awareness skills. As your users’ security awareness skills improve, they will receive more difficult PSTs to continue to challenge them.

To build this automated process, you will create Smart Groups and phishing campaigns based on different difficulty levels. Each Smart Group will be based on the number of PSTs a user has failed, and each phishing campaign will include PSTs with specific difficulty ratings.

Tip: We recommend that you build a remedial training plan along with your dynamic phishing workflow. This plan will automatically assign security training to users who fail a PST. To learn how to automate remedial training assignments, see our Smart Groups Training Automation Guide.

This section explains how to build a dynamic phishing process that includes two tiers: a beginner tier and an advanced tier. If you would like, you can add additional tiers by creating more Smart Groups and corresponding phishing campaigns.

In the two-tier process, all new users begin in the advanced phishing Smart Group and are enrolled in the advanced phishing campaign. The advanced phishing campaign sends PSTs with a three-star, four-star, or five-star difficulty rating on a bi-weekly or monthly basis.

If a user fails a PST from the advanced phishing campaign, they'll be removed from the advanced phishing campaign and added to the beginner phishing campaign. This campaign sends PSTs with a one-star, two-star, or three-star difficulty rating on a bi-weekly or monthly basis.

Once the user passes two consecutive PSTs from the beginner phishing campaign, they'll be removed from the beginner phishing campaign and added back to the advanced phishing campaign.

Note: When a user is added to a new phishing campaign, they might not immediately receive a PST. The date when the user receives the PST will depend on the campaign schedule. For example, if a user is added to a bi-weekly phishing campaign, they may not receive a PST from the campaign for two weeks.

Step One: Create Your Smart Groups

To build a two-tier dynamic phishing process, create a Smart Group for each difficulty tier. Click on the tabs below to see our recommended settings for each Smart Group.

Beginner Phishing Smart Group

Create a Smart Group and name it something identifiable, such as “Dynamic Phishing Beginner Users”. Navigate to the Smart Group Criteria drop-down menu and select Phish Event. Then, add the following criterion:

1. Condition: Select Must
2. Phish Event: Select Failed Phishing Test.
3. Comparison: Select Greater Than.
4. Count: Select 0.
5. Time Frame: Select Duration. Then, select In the last, 4, and Weeks.
6. Save: After you’ve filled out the above fields, click Save.

Your finished criterion will be displayed like the screenshot below:

Advanced Phishing Smart Group

Create a Smart Group and name it something identifiable, such as “Dynamic Phishing Advanced Users”. Navigate to the Smart Group Criteria drop-down menu and select Phish Event. Then, add the following criterion:

1. Condition: Select Must Not.
2. Phish Event: Select Failed Phishing Test.
3. Comparison: Select Greater Than.
4. Count: Select 0.
5. Time Frame: Select Duration. Then, select In the last, 4, and Weeks.
6. Save: After you’ve filled out the above fields, click Save.

Your finished criterion will be displayed like the screenshot below:

Auditing Smart Group

We recommend that you create an auditing Smart Group for users who have never received a PST. You can use this group to verify that your users are receiving the PSTs you’ve sent.

Create a Smart Group and name it something identifiable, such as “Dynamic Phishing Auditing Smart Group”. Navigate to the Smart Group Criteria drop-down menu and select Phish Event. Then, add the following criterion:

1. Condition: Select Must.
2. Phish Event: Select Delivered.
3. Comparison: Select Greater Than.
4. Count: Select 11.
5. Time Frame: Select Duration. Then, select In the last, 12, and Months.
6. Save: After you’ve filled out the above fields, click Save.

Then, navigate to the Smart Group Criteria drop-down menu and select User Date. Add the following criteria:

1.Condition: Select Must Not.
2. Date Type: Select Created.
3. Time Frame: Select Duration. Then, select In the last, 3, and Months.
4. Save: After you’ve filled out the above fields, click Save.

Your finished criterion will be displayed like the screenshot below:

Step Two: Create Your Dynamic Phishing Campaigns

Now that you’ve created your Smart Groups, you can create two corresponding phishing campaigns. Click the tabs below to see our recommended campaign settings:

For your beginner dynamic phishing campaign, we recommend that you use the settings listed below:
  1. Campaign Name: Enter an identifiable name, such as “Beginner Dynamic Phishing”.
  2. Send to: Select Specific Groups, then select your beginner Smart Group.
  3. Frequency: We recommend selecting either Bi-weekly or Monthly.
  4. Start Time: We recommend setting the Date to the first day of the upcoming month. You can set the Time and Time Zone at your discretion.
  5. Sending Period: Select Send emails over 6 business days.
  6. Track Activity: Select 6 days after the last email is sent.
  7. Track Replies to Phishing Emails: Leave this check box unselected.
  8. Template Categories: We recommend selecting Brand Knock-Offs, Online Services, Outdoor/Sporting Goods, and Social Networking. Then, select AIDA Selected from the Template Selection drop-down menu.
    Note: We recommend selecting template categories that are not associated with your organization, such as Current Events and Brand Knock-Offs. As your users learn how to spot PSTs, you can select additional template categories for each campaign.
  9. Difficulty Rating: Select the one-star, two-star, and three-star options.
  10. Phish Link Domain: By default, this setting is set to Random Domain. We recommend that you don't change this setting.
  11. Landing Page: We recommend selecting one of our SEI Landing Page templates.
  12. Send an email report to account admins after each phishing test: You can choose whether you want to enable this setting.
  13. Hide from Reports: Leave this checkbox unselected.
For your advanced dynamic phishing campaign, we recommend that you use the settings listed below:
  1. Campaign Name: Enter an identifiable name, such as “Advanced Dynamic Phishing”.
  2. Send to: Select Specific Groups, then select your advanced Smart Group.
  3. Frequency: Select Bi-weekly or Monthly.
  4. Start Time: We recommend setting the Date to the first day of the next upcoming month. You can set the Time and Time Zone at your discretion.
  5. Sending Period: Set this setting to Send emails over 3 weeks.
  6. Track Activity: Set this setting to 3 days after the last email is sent.
  7. Track Replies to Phishing Emails: Leave this checkbox unselected.
  8. Template Categories: We recommend selecting Brand Knock-Offs, Online Services, Outdoor/Sporting Goods, and Social Networking. Then, select AIDA Selected from the Template Selection drop-down menu.
    Note: We recommend selecting template categories that are not associated with your organization, such as Current Events and Brand Knock-Offs. As your users learn how to spot PSTs, you can select additional template categories for each campaign.
  9. Difficulty Rating: Select the three-star, four-star, and five-star difficulty options.
  10. Phish Link Domain: By default, this setting is set to Random Domain. We recommend that you do not change this setting.
  11. Landing Page: We recommend selecting one of our SEI Landing Page templates.
  12. Send an email report to account admins after each phishing test: You can choose whether you want to enable this setting.
  13. Hide from Reports: Leave this checkbox unselected.

Additional Automated Phishing Processes

There are a variety of other ways you can use Smart Groups to automate phishing processes in your KSAT console. To learn about some common phishing automation uses for Smart Groups, see the sections below:

Tip: If you want to build a phishing process that is not included in this article, we recommend downloading our Smart Groups Planning Worksheet. This worksheet helps you build your own automated process with Smart Groups. To learn more about the types of Smart Groups you can create, reference our Smart Groups Glossary of Criteria Types.

Tracking Phishing Failures

You can create Smart Groups based on your users’ PST failures. These Smart Groups can help you identify users who may need additional security awareness training or proficient users who should receive more challenging tests.

Users With No PST Failures

This Smart Group will include users who have never failed a phishing security test (PST). We recommend sending challenging PSTs to these users to continue building their security awareness skills.

Navigate to the Smart Group Criteria drop-down menu and select Phish Event. Then, add the following criteria:

1. Condition: Select Must Not.
2. Phish Event: Select Failed Phishing Test.
3. Comparison: Select Greater Than.
4. Count: Select 0.
5. Time Frame: Select Any.
6. Save: After you’ve filled out the above fields, click Save.

Your finished criterion will be displayed like the screenshot below:

Users With X PST Failures in a Specific, Ongoing Phishing Campaign

This Smart Group will include users who have failed multiple PSTs from an ongoing phishing campaign. You can use this Smart Group as an ad hoc report on your users’ security awareness proficiency. For example, if you create a new phishing campaign with harder phishing templates than usual, you can use this Smart Group to see if your phishing failure rates change.

Navigate to the Smart Group Criteria drop-down menu and select Phish Event. Then, add the following criteria:

Note:The Time Frame option for this criterion will include results from an ongoing phishing campaign. If you would like to see the results for a one-time phishing campaign, set a Range with a start date and end date.
1. Condition: Select Must.
2. Phish Event: Select Failed Phishing Test.
3. Comparison: Select Greater Than.
4. Count: Select your desired amount.
5. Time Frame: Select Range. Then, select your desired date range.
6. Save: After you’ve filled out the above fields, click Save.

Your finished criterion will be displayed like the screenshot below:

Tracking Reported Phishing Emails

You can create Smart Groups based on how many PSTs users have reported and how many users haven’t reported emails marked as threats in PhishER. By including users in Smart Groups based on the number of phishing emails they’ve reported, you can see which users have strong security awareness skills and which users may need more training.

Users Who Have Reported More Than X Phishing Security Tests

This Smart Group will include users who are actively engaging in your security awareness program by reporting PSTs sent by your organization, rather than ignoring or deleting the PSTs.

Important: To create this Smart Group, your organization must use our Phish Alert Button (PAB).

Navigate to the Smart Group Criteria drop-down menu and select Phish Event. Then, add the following criteria:

1. Condition: Select Must.
2. Phish Event: Select Reported.
3. Comparison: Select Greater Than.
4. Count: Select your desired amount.
5. Time Frame: Select Any.
6. Save: After you’ve filled out the above fields, click Save.

Your finished criterion will be displayed like the screenshot below:

Users Who Did Not Report Emails Labeled as Threats

This Smart Group will include users who did not report emails labeled as threats in PhishER.

First, make sure PhishER is integrated with your KSAT console. Once you’ve integrated PhishER with your KSAT console, reported messages and quarantined messages from PhishRIP will display on the User Timeline of the user who reported the message.

From the Smart Groups Criteria drop-down menu, select Custom Event. Add the following criteria:

1. Condition: Select Must Not.
2. Event Type: Select PhishRIP Message Found.
3. Event Source: Select your desired event source.
4. Event External Id: Enter the Id of your desired PhishRIP Message.
5. Description: Enter a description for your criteria.
6. Matcher: Select Greater Than.
7. Count: Select your desired amount.
8. Time Frame: Select Any.
9. Save: After you’ve filled out the above fields, click Save.

Your finished criterion will be displayed like the screenshot below:

Tracking Specific Users

There are a variety of Smart Groups you can create based on your users’ information. For example, you can create a Smart Group of high-risk users based on their Personal Phish-prone Percentage. If you have inactive user accounts in your KSAT console that don’t need to receive your phishing campaigns, you can also use Smart Groups to separate inactive users from active users.

Users With a Personal Phish-prone Percentage Greater Than X%

This Smart Group will include users who have a specific Personal Phish-prone Percentage. Then, you can send customized phishing or training campaigns to each Smart Group.

A user’s Personal Phish-prone Percentage is based on how many PST failures they have. Some PSTs include multiple attack vectors, such as malicious attachments and links. This means that a user can fail one PST multiple times. To keep track of these failures, the user’s Personal Phish-prone Percentage counts individual failures instead of total failed PSTs.

To create this Smart Group, navigate to the Smart Group Criteria drop-down menu and select User Field. Then, add the following criterion:

1. User Field: Select Phish-prone Percentage.
2. Condition: Select Must.
3. Comparison: Select Greater Than.
4. Value: Select your desired percentage.
5. Save: After you’ve filled out the fields above, click Save.

Your finished criterion will be displayed like the screenshot below:

Exclude Specific Users from Campaigns that are Assigned to All Users

This Smart Group allows you to exclude certain users from campaigns that are assigned to all of your users. We recommend creating this Smart Group if you have unmonitored admin accounts or any other inactive accounts in your KSAT console. Including inactive users in your campaigns may skew your organization’s Phish-prone Percentage and campaign results.

First, create a static user group for your inactive accounts. Name it something identifiable, such as “Inactive Users”.

Then, create a Smart Group for your inactive users. Name this Smart Group something identifiable, such as “Phishable and Trainable Users”.

To create this Smart Group, navigate to the Smart Group Criteria drop-down menu and select User Field. Then, add the following criterion:

1. User Field: Select Group Name.
2. Condition: Select Must.
3. Comparison: Select Equal.
4. Values: Select your inactive user group.
5. Save: After you’ve filled out the fields above, click Save.

Your finished criterion will be displayed like the screenshot below:

Was this article helpful?

5 out of 5 found this helpful

Can't find what you're looking for?

Contact Support