I would like to see the ability to resend a phishing email when a user asks what email they clicked onCompleted
Currently there isn't an easy way to resend a phishing email from the phishing campaign. It would be nice if it was possible because I usually get asked following sending out retraining emails what email they clicked on. Or if you have a better idea how to let the users know what email they were phished on.
I wanted to follow up on this community post. We do have the feature now of Social Engineering Indicators for Platinum and Diamond subscription level. This allows you to give immediate feedback to what red flags they should have identified within an email that should have prevented them from clicking. The landing page will show them the email they received, as well as the red flags highlighted, which they can hover over to get additional information.
You can read more about this feature in this article.
Thank you again for contributing to the community board!
Thank you for your input/request! You are correct, there is not an easy way to resend a phishing email so that an end user can see what they clicked. This is because, by design, the phishing emails are only sent as a function of a phishing campaign. We would not recommend sending the phishing emails for any other purpose as this may skew your results for reporting. In addition, NOT showing your end-user(s) what they may have clicked on will force them to inspect emails more thoroughly in the future and this is a STRONGLY desired effect.
In fact, we recommend creating a group in the console for people who “click”. You can then create a “remedial training” campaign which your “clickers” will be automatically enrolled in to reinforce the training they have already had.
If you feel a strong need to show an end-user what they may have clicked, you can send them a screenshot of the email sent. Simply open the specific Phishing Security Test Campaign and click on the Users tab. To the far right of the table you can see the email which was sent to each user by clicking on the envelope icon. The email will open and you can take a screenshot to send to the user.
I hope this helps!
"In addition, NOT showing your end-user(s) what they may have clicked on will force them to inspect emails more thoroughly in the future and this is a STRONGLY desired effect."
Is this really the recommended approach because it seems somewhat contradictory to other components of the platform such as point of failure training/landing pages and red flags. I see the point of getting users to be more aware, but at the same time I've seen it be helpful for users to connect the dots on why they failed due to coincidental timing, or circumstances, etc.
You're absolutely right. This was the recommended approach when this question was asked back in 2016 because at the time we didn't have as many templates to offer and didn't want users to be able to recognize a phishing email test because they'd seen it before. Now, we have new features such as point of failure which shows users the red flags they should have seen and we are creating new templates every week to keep users on their toes.
Please sign in to leave a comment.