I've setup a three tier phishing campaign for our users with Smart Groups:
-Users in the SG-Beginner Phishing group get weekly phish tests of 1-2 star difficulty. Criteria is: User must, have clicked, more than, 0 time, in the last 4 weeks
-Users in the SG-Intermediate Phishing group get bi-weekly phish tests of 3-4 star difficulty. Criteria is: User must not, have clicked, more than, 0 time, in the last 4 weeks. User must, have clicked, more than, 0 time, in the last 12 weeks
-Users in the SG-Advanced Phishing group get monthly phish tests of 5 stars. Criteria is: User must, have clicked, more than, 0 time, in the last 12 weeks
Our phishing campaigns just kicked off and the advanced group is extremely effective and has already gotten a number of clickers. The only issue I've encountered now is that the categories I've selected have test emails which contain attachments for users to open, which is a different Phish Event filter which keeps them in the SG-Advanced Phishing group even though they technically failed.
I'm trying to think of some ways to work around this possibility, but I believe the (hopefully) easiest route would be to allow for designating the criteria to be matched in an AND/OR scenario, and allow for instance the beginner phishing group to have criteria of:
User must, have clicked, more than, 0 time, in the last 4 weeks
User must, have opened attachment, more than, 0 time, in the last 4 weeks
This would then for instance allow me to create a good catch all of failure incidents for the beginner group. So far the only workarounds I have thought of are:
-Making the Beginner/Intermediate/Advanced SGs a criteria of their Phish Prone %.
-Creating simultaneous Smart Groups and Phishing campaigns related to clicks vs opening attachments.
-Making sure the phishing campaigns are only sending phish emails requiring clicks, although if possible I'd like to avoid that.
Any help would be greatly appreciated! I'm hoping this doesn't already exist and have tried to double check before making this post, so hopefully I'm just not missing some very obvious answer.
Please sign in to leave a comment.