I would like to see the ability to resend a phishing email when a user asks what email they clicked on

Completed

Comments

4 comments

  • Official comment
    Avatar
    Ashley Rush

    Hello,

    I wanted to follow up on this community post. We do have the feature now of Social Engineering Indicators for Platinum and Diamond subscription level. This allows you to give immediate feedback to what red flags they should have identified within an email that should have prevented them from clicking. The landing page will show them the email they received, as well as the red flags highlighted, which they can hover over to get additional information.

    You can read more about this feature in this article

    Thank you again for contributing to the community board!

    Ashley
    KnowBe4

    Comment actions Permalink
  • Avatar
    Jerry Smith

    Hi Jesse,

    Thank you for your input/request! You are correct, there is not an easy way to resend a phishing email so that an end user can see what they clicked. This is because, by design, the phishing emails are only sent as a function of a phishing campaign. We would not recommend sending the phishing emails for any other purpose as this may skew your results for reporting. In addition, NOT showing your end-user(s) what they may have clicked on will force them to inspect emails more thoroughly in the future and this is a STRONGLY desired effect.

    In fact, we recommend creating a group in the console for people who “click”. You can then create a “remedial training” campaign which your “clickers” will be automatically enrolled in to reinforce the training they have already had.

    If you feel a strong need to show an end-user what they may have clicked, you can send them a screenshot of the email sent. Simply open the specific Phishing Security Test Campaign and click on the Users tab. To the far right of the table you can see the email which was sent to each user by clicking on the envelope icon. The email will open and you can take a screenshot to send to the user.

    I hope this helps!

    0
    Comment actions Permalink
  • Avatar
    Jason Price

    "In addition, NOT showing your end-user(s) what they may have clicked on will force them to inspect emails more thoroughly in the future and this is a STRONGLY desired effect."

    Is this really the recommended approach because it seems somewhat contradictory to other components of the platform such as point of failure training/landing pages and red flags. I see the point of getting users to be more aware, but at the same time I've seen it be helpful for users to connect the dots on why they failed due to coincidental timing, or circumstances, etc. 

    0
    Comment actions Permalink
  • Avatar
    Maddy Townsend

    Hi Jason,

    You're absolutely right. This was the recommended approach when this question was asked back in 2016 because at the time we didn't have as many templates to offer and didn't want users to be able to recognize a phishing email test because they'd seen it before. Now, we have new features such as point of failure which shows users the red flags they should have seen and we are creating new templates every week to keep users on their toes. 

    Maddy
    KnowBe4

    0
    Comment actions Permalink

Please sign in to leave a comment.