Quick Start

This quick start will take you through the minimum number of steps necessary to run a successful phishing simulation campaign. We also recommend reading all related supporting material if you're new to the platform.

• Step 1. Mail Server Allowlisting
• Step 2. Import your targets
• Step 3. Verify your target domains
• Step 4. Schedule your first campaign

Step 1. Mail Server Allowlisting 

Ensure that you have allowlisted our mail servers. This can be done within your email spam filter and it's to ensure all CanIPhish emails are received without issue. Click here for a step-by-step guide on how to do this with various Email Platforms & Secure Email Gateway technologies.

IPv4 Address:

3.106.21.22

Mail Header:

X-CanIPhish: <INSERT-TENANT-ID>

Note: The Tenant ID can be obtained from your User Profile page. e.g. "X-CanIPhish: add48xx..."

Step 2. Import your targets 

Decide which users you want to target for your first phishing campaign. CanIPhish currently supports two modes of target user input. Each mode can be initiated by traversing to the User Targeting page (i.e. https://caniphish.com/User/TargetUsers) and clicking 'New Target':

1. Manual Input: Using the CanIPhish Web GUI you can manually add users to a target list.

2. CSV Import: Using the CanIPhish CSV template you can add a list of users for bulk import. The workflow operates as follows: 

[1] Download the CSV Template 

[2] Update the CSV contents with your target details 

[3] Specify the document for upload 

[4] Click Bulk Import.

Step 3. Verify your target domains 

To prevent abuse of the CanIPhish platform, we require that you provide evidence of authorisation to target a domain. We perform this through a challenge-response email which contains an authorisation code. While on the User Targeting page (i.e. https://caniphish.com/User/TargetUsers), click 'Domain Verification' and then perform the following actions:

[1] Click 'Verify a New Domain' to begin the authorisation process.
[2] Input a mailbox under your control or under someones control who can provide you with the authorisation code.
[3] Click 'Generate Verification Email' to generate the authorisation email.
[4] Once received, copy the verification code into the input provided and click Verify

 

Step 4. Schedule your first campaign 

To expedite the process of creating and testing your first phishing campaign, the CanIPhish team automatically create an unscheduled phishing campaign upon tenant setup. For the quick setup, we will use this preconfigured campaign and simply schedule it.

First of all, go to the Campaigns page (i.e. https://caniphish.com/User/Campaigns), click 'Update Campaign' to the right of the preconfigured campaign and then perform the following actions:

[1] Add the target list created in Step 2a to the campaign.
[2] Choose to setup your campaign schedule.
[3] Schedule the campaign to operate between certain days and times (e.g. Mon-Fri 8am-5pm during business hours).

[4] Schedule the campaign to recur on a periodic basis or as a one off (note: for periodic campaigns, it's recommended to have multiple template bundles so targets don't receive the same phishing material repetitively).
[5] Optionally, send a test email to yourself to confirm successful email delivery.

All done. Your first campaign is now scheduled!!