This introduction will take you through the setup and ongoing management of simulated phishing and security awareness training campaigns. Before setting up your first campaign, we recommend you configure allowlisting on your email collaboration platform.
1. Campaign types
CanIPhish supports three types of campaigns:
- Simulated Phishing: Employees are sent simulated phishing content to identify those who fall for the phish.
- Security Awareness Training: Employees are sent training modules which contain a mixture of educational content and quiz questions. This campaign type will assign trainings to employees immediately after the campaign is saved.
- Simulated Phishing & Security Awareness Training: Employees are sent simulated phishing content, those who fall for the phish are auto-assigned training modules.
1.1. Simulated Phishing Payloads
CanIPhish supports the following types of simulated attacks as part of its simulated phishing exercises:
| Payload type | Description |
| --- | --- |
| Phishing Attachment | An attachment attack directs your users to open/execute an attachment. |
| Credential Compromise | A credential compromise attack utilises a phishing link and directs your users to a landing page that looks like a login/data entry screen. We then attempt to trick your users into entering sensitive information. |
| Reply-To | A reply-to attack entices the victim to provide a response. This type of attack is often more complex in nature and the victim is eventually enticed to perform an action that will ultimately benefit the attacker. |
1.2. Security Awareness Training Modules
Employees assigned training modules must achieve a passing score before the modules can be marked off as complete. Assignments become overdue after a period of 14 days and reminders are sent to the learner every 3-5 days over a period of 4 weeks. See our list of security awareness training topics.
2. Campaign functionality deep-dive
Campaign Page Options:
- New Campaign: A multi-tab interactive campaign creation tool. Designed to provide a walkthrough experience for campaign creation, providing recommendations during the creation process.
- View Campaign: Provides real-time campaign statistics and reporting options.
- Update Campaign: Provides the ability to view and update the back-end configuration used to create the initial campaign (e.g. targets, phishing profiles, schedule, etc.).
- Delete Campaign: Provides the ability to delete a campaign entirely. Note that if a campaign was successfully completed or is in progress with at least one email delivered, the campaign statistics are retained and viewable in the 'Reporting' page.
Campaign Management
- Campaign Name: The name given to the campaign.
- Campaign Type: Type of campaign scheduled. Either a Simulated Phishing, Security Awareness Training or Simulated Phishing and Security Awareness Training campaign.
- Delivery Status: The current delivery status - 100% delivered indicates campaign completion.
- Scheduled Date: The 1-5 day date-range in which campaign emails will be delivered (e.g. Monday - Friday). Emails delivered over a date-range are prorated over the days (e.g. 500 emails scheduled over 5 days will result in 100 email deliveries a day).
- Recurring Campaigns:
- Scheduled Time: The 24 hour time-range in which campaign emails will be delivered (e.g. 9am - 4pm). Emails delivered over a time-range are prorated over the day (e.g. 100 emails scheduled for a day over a 5 hour period will result in 20 email deliveries an hour).
- Next Delivery: The minutes/hours/days until the next batch of emails will be delivered.
- Action: Provides options to Update or Delete an active campaign.
Campaign Setup/Update
- Campaign Name: The name given to the campaign.
- Campaign Type: The type of campaign to be scheduled.
- Target Employee(s): The employee lists that will be phished as part of the campaign.
- Mail Server: The mail instance to be used for the campaign. By default this will be the native 'CanIPhish' mail instance, however this can be outsourced to a user provided mail instance.
- Campaign Tags: Optional field for tag-based campaign tracking. Useful for limiting access to users with the "Tenant Reporter" role. Simply type a word and hit enter or space to input it.
- Template Bundle(s): Multiple Template Bundles can be associated to a single campaign. If multiple bundles are specified, users will at random receive one of the specified bundles.
- Sender Profile: The sender profile includes the Email From (e.g. support@attacker.com) and Email Display Name (e.g. Cloud Support) that a target will receive the phishing material from.
- Phishing Email: The phishing email includes the email body (e.g. all the content you normally see in an email) and any email attachments.
- Phishing Website: The phishing website includes the landing page that a user is directed to if they click a phishing link.
- Training Module(s): Multiple Training Modules can be assigned as part of a campaign. Any included employee will have all selected training modules assigned.
- Delivery Schedule: A future date-range by which a phishing campaign should start and end.
- Schedule (Between Days): The 1-5 day date-range in which campaign emails will be delivered.
- Schedule (Between Times): The 24 hour time-range in which campaign emails will be delivered.
- Schedule (Time Zone): The timezone to use for campaign delivery dates and times.
- Campaign Frequency: Campaigns can be scheduled to send one-off, monthly or quarterly. If campaigns are scheduled to recur, it's highly recommended that multiple template bundles are used to avoid users receiving the same material every month/quarter.
- Send Test Email: A test phishing email is sent to a specified email.
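The proration rule described under Scheduled Date and Scheduled Time, and the Schedule (Between Days/Between Times) fields above, can be written out as a small scheduler. The following is an added example, not CanIPhish code: it assumes the day range is counted as consecutive calendar days, that each whole hour of the delivery window is one batch, and that any remainder goes to the earliest batches. The function names (`prorate`, `build_schedule`, `build_schedule_iso`) and the sample campaign dates are constructed for illustration.

```python
"""Delivery proration for a simulated phishing campaign.

Added example, not CanIPhish code. It models the scheduling rule the
documentation states: deliveries are spread evenly over the scheduled
1-5 day range and, within each day, evenly over the delivery time window.
Assumptions: consecutive calendar days, one batch per whole hour of the
window, remainder handed to the earliest batches.
"""
from datetime import date, datetime, time, timedelta


def prorate(total: int, slots: int) -> list:
    """Split `total` deliveries into `slots` near-equal batches.

    500 emails over 5 days -> [100, 100, 100, 100, 100];
    7 emails over 3 slots  -> [3, 2, 2] (remainder to the earliest slots).
    """
    if slots < 1:
        raise ValueError("need at least one slot")
    base, remainder = divmod(total, slots)
    return [base + (1 if i < remainder else 0) for i in range(slots)]


def build_schedule(total_emails: int, start_day: date, end_day: date,
                   window_start: time, window_end: time) -> list:
    """Return [(batch_datetime, email_count), ...], one batch per hour per day.

    Enforces the documented limits: a 1-5 day range and a same-day time window.
    Timezone handling is left to the caller (the 'Schedule (Time Zone)' field).
    """
    days = (end_day - start_day).days + 1
    if not 1 <= days <= 5:
        raise ValueError("campaign day range must cover 1-5 days")
    hours = window_end.hour - window_start.hour
    if hours < 1:
        raise ValueError("delivery window must span at least one whole hour")

    schedule = []
    for day_offset, per_day in enumerate(prorate(total_emails, days)):
        day = start_day + timedelta(days=day_offset)
        for hour_offset, per_hour in enumerate(prorate(per_day, hours)):
            if per_hour == 0:  # nothing left for this hour slot
                continue
            when = datetime.combine(day, window_start) + timedelta(hours=hour_offset)
            schedule.append((when, per_hour))
    return schedule


def build_schedule_iso(total_emails: int, start_day: str, end_day: str,
                       window_start: str, window_end: str) -> list:
    """Convenience wrapper taking ISO strings ("2024-06-03", "09:00")."""
    return build_schedule(total_emails,
                          date.fromisoformat(start_day), date.fromisoformat(end_day),
                          time.fromisoformat(window_start), time.fromisoformat(window_end))


if __name__ == "__main__":
    # Constructed sample: 500 emails, Mon 2024-06-03 to Fri 2024-06-07, 09:00-14:00.
    for when, count in build_schedule_iso(500, "2024-06-03", "2024-06-07", "09:00", "14:00"):
        print(when.isoformat(sep=" "), count)
```

With the sample input this yields 25 batches of 20 emails (100 per day, 20 per hour), matching the worked figures in the field descriptions; a six-day range is rejected because the documented limit is five days.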
3. Campaign reporting
The status of a campaign can be viewed by clicking the 'View Campaign' hyperlinks within the 'Campaign Name' table column. Viewing a campaign provides you with all necessary information as to which employees have been targeted to date and whether emails have been delivered or trainings assigned.
3.1. Simulated Phishing Campaign Reporting
If email delivery has been successful, you then get a full picture of the overall success of the phishing material delivered, with indicators around who has viewed an email, clicked the relevant link and/or been compromised by either entering their credentials in a phishing website or executing a potentially malicious file.
Viewing a campaign provides you with the following information and reporting capabilities:
Campaign Statistics:
- Email Address: The email address targeted.
- Email Delivery: The status of email delivery. Email delivery is either "Success" or "Failure".
- Email Delivery Date/Time: The date and time that the phishing email was delivered.
- Email Viewed: The "True" or "False" status of whether the phishing email was viewed/opened.
- Email View Date/Time: The date and time that the phishing email was viewed/opened.
- Email Clicked: The "True" or "False" status of whether the phishing link was clicked.
- Email Click Date/Time: The date and time that the phishing link was clicked.
- Target Compromised: The "True" or "False" status of whether the target has been compromised. Either through the entry of data in a phishing website or execution of an email attachment.
- Compromise Date/Time: The date and time that the target was compromised.
- Sender Profile: The sender profile name used to deliver the phishing material.
- Email Template: The email template name used to deliver the phishing material.
- Website Template: The website template name used to deliver the phishing material.
Reporting:
- Print: Print the campaign statistics in a table format.
- PDF: Display the campaign statistics in a PDF with table formatting.
- Excel: Downloads the campaign statistics in an Excel document.
- CSV: Downloads the campaign statistics in a CSV document.
- Copy: Copies the campaign statistics into the clipboard with tabular formatting.
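The per-employee rows above become useful once they are rolled up into a delivery-to-compromise funnel and broken down by template, which is what a security team reports on and uses to pick follow-up training. The following is an added example, not CanIPhish code: it reads a CSV export with the column names listed in Campaign Statistics (the "Success"/"Failure" and "True"/"False" values as described) and computes those aggregates. The CSV content is constructed sample data and the function names (`summarise`, `most_effective_template`) are assumptions.

```python
"""Summarise a simulated phishing campaign CSV export.

Added example, not CanIPhish code. The CSV below is constructed sample
data; only the column names and value strings follow the documentation.
"""
import csv
from io import StringIO

SAMPLE_EXPORT = """Email Address,Email Delivery,Email Viewed,Email Clicked,Target Compromised,Email Template
alice@example.com,Success,True,True,True,Invoice Overdue
bob@example.com,Success,True,False,False,Invoice Overdue
carol@example.com,Success,False,False,False,Cloud Storage Share
dave@example.com,Failure,False,False,False,Cloud Storage Share
erin@example.com,Success,True,True,False,Cloud Storage Share
"""

# Funnel stages in the order they appear in the statistics table.
FUNNEL = ("Email Viewed", "Email Clicked", "Target Compromised")


def summarise(csv_text: str) -> dict:
    """Roll the per-employee rows up into counts, rates and a per-template view.

    Rates are computed against delivered emails only: a "Failure" row never
    reached the employee, so it should not dilute the click or compromise rate.
    """
    rows = list(csv.DictReader(StringIO(csv_text)))
    delivered = [r for r in rows if r["Email Delivery"] == "Success"]
    n = len(delivered)

    counts = {stage: sum(1 for r in delivered if r[stage] == "True") for stage in FUNNEL}
    rates = {stage: (counts[stage] / n if n else 0.0) for stage in FUNNEL}

    by_template = {}
    for r in delivered:
        bucket = by_template.setdefault(
            r["Email Template"], {"delivered": 0, **{stage: 0 for stage in FUNNEL}})
        bucket["delivered"] += 1
        for stage in FUNNEL:
            if r[stage] == "True":
                bucket[stage] += 1

    return {
        "targeted": len(rows),
        "delivered": n,
        "failed": len(rows) - n,
        "counts": counts,
        "rates": rates,
        "by_template": by_template,
    }


def most_effective_template(summary: dict):
    """Template that produced the most compromises (ties broken by clicks)."""
    if not summary["by_template"]:
        return None
    name, _ = max(summary["by_template"].items(),
                  key=lambda kv: (kv[1]["Target Compromised"], kv[1]["Email Clicked"]))
    return name


if __name__ == "__main__":
    result = summarise(SAMPLE_EXPORT)
    for stage in FUNNEL:
        print(f"{stage}: {result['counts'][stage]}/{result['delivered']} "
              f"({result['rates'][stage]:.0%})")
    print("Most effective template:", most_effective_template(result))
```

Note that "Target Compromised" is not implied by "Email Clicked": an attachment payload compromises without a link click, and a blocked tracking pixel can leave "Email Viewed" at "False" for someone who did click, so the stages are counted independently rather than as a strict chain.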
3.2 Security Awareness Training Campaign Reporting
If employees are assigned trainings, you will then get a full picture as to how they're tracking with module completion - with indicators on when the module was assigned, what their best score has been, and how many attempts they've had among other statistics.
Campaign Statistics:
- Email Address: The email address of the targeted employee.
- Training Module: The name of the training module assigned to the employee.
- Date Assigned: The date that the training module was assigned to the employee.
- Attempts: Number of attempts taken so far to complete the training module.
- Score: Best score achieved by the employee for this training assignment.
- Score Date: Date of the best score achieved by the employee for this training assignment.
- Passing Score: Minimum score required before the assignment can be marked as complete.
- Status: Can either be "Complete", "Not Attempted", "Error - Domain Not Verified", "Error - Quota Limit Exceeded", "Not Passed" or "Overdue"
4. Frequently Asked Questions
- If I select multiple phishing emails, will each employee receive multiple emails? No. At the time of delivery, we randomly select one of the phishing emails specified during campaign setup. We then deliver each employee a random email. This helps ensure that no two employees receive the same email and warn their colleagues of the upcoming phishing test.
- If I assign the same training module to the same employee back-to-back twice, will they need to complete that training module twice? No. We have built-in functionality which checks if an employee already has an active training assignment for a given training module OR if they have completed that module in the past 14 days. If either criteria is met, we won't re-assign the training, we'll instead track the status of the recently assigned/completed training.
- How do employees access their training modules to complete them? At the time of assignment, we will send employees an email which contains all the information they need. We'll send across their username, an access token, login URL (https://learn.caniphish.com/Platform/Login) and an overview of which training modules have been assigned.
- How long do employees have to complete a training module? All modules must be completed within 14 days of assignment. If a module isn't completed, we'll mark the assignment as Overdue until the employee obtains a passing score.
- Are employees sent reminders of which training modules they have assigned and when they are due? Yes. We will send reminders to employees on days 6, 10, 14, 16, 18, 20, 22, 26, 30, 35, 40, 48 and 60. If an employee doesn't complete a training module after Day 60, we will stop sending reminders.
- What address will reminder emails come from and do I need to setup email allowlisting? Emails will appear to come from noreply@learn.caniphish.com (unless you have setup white-labelling and your own domain is in-use). We do recommend that these emails are allowlisted as they will likely end up in employee Junk/Spam folders if not.
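The rules spread across section 3.2 and these FAQ answers (a passing score completes an assignment, Overdue after 14 days, reminders on days 6 to 60, and no re-assignment while an assignment is active or within 14 days of a completion) fit together into one assignment lifecycle. The following is an added example, not CanIPhish code: it encodes those rules as stated on this page. The passing score of 80 is an assumed value (the page gives no number), the "Error - ..." statuses are not modelled, and the class and function names (`Assignment`, `should_assign`) and dates are constructed for illustration.

```python
"""Training-assignment lifecycle rules as documented on this page.

Added example, not CanIPhish code. Rules encoded: an assignment is
Overdue once more than 14 days have elapsed without a passing score;
reminders go out on days 6, 10, 14, 16, 18, 20, 22, 26, 30, 35, 40, 48
and 60 and stop after day 60; a module is not re-assigned while an
active assignment exists or within 14 days of a completion.
The passing score of 80 is an assumption. Dates may be `date` objects
or ISO strings.
"""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Union

REMINDER_DAYS = (6, 10, 14, 16, 18, 20, 22, 26, 30, 35, 40, 48, 60)
DUE_AFTER_DAYS = 14          # Overdue once more than this many days have elapsed
RECENT_COMPLETION_DAYS = 14  # no re-assignment within this window

DateLike = Union[date, str]


def _as_date(value: DateLike) -> date:
    return value if isinstance(value, date) else date.fromisoformat(value)


@dataclass
class Assignment:
    email: str
    module: str
    assigned: DateLike
    passing_score: int = 80          # assumed threshold, not from the page
    attempts: int = 0
    best_score: Optional[int] = None
    completed_on: Optional[date] = None

    def __post_init__(self):
        self.assigned = _as_date(self.assigned)

    def record_attempt(self, score: int, on: DateLike) -> None:
        """Count the attempt, keep the best score, complete on the first pass."""
        self.attempts += 1
        if self.best_score is None or score > self.best_score:
            self.best_score = score
        if score >= self.passing_score and self.completed_on is None:
            self.completed_on = _as_date(on)

    def status(self, today: DateLike) -> str:
        """One of the documented statuses (error states excluded)."""
        if self.completed_on is not None:
            return "Complete"
        if (_as_date(today) - self.assigned).days > DUE_AFTER_DAYS:
            return "Overdue"
        return "Not Attempted" if self.attempts == 0 else "Not Passed"

    def reminder_due(self, today: DateLike) -> bool:
        """True on a documented reminder day while the module is incomplete."""
        if self.completed_on is not None:
            return False
        return (_as_date(today) - self.assigned).days in REMINDER_DAYS


def should_assign(email: str, module: str, existing: List[Assignment],
                  today: DateLike) -> bool:
    """Dedup rule from the FAQ: skip if an active assignment exists for this
    module, or the employee completed it within the last 14 days."""
    today = _as_date(today)
    for a in existing:
        if a.email != email or a.module != module:
            continue
        if a.completed_on is None:
            return False  # active assignment already exists; track it instead
        if (today - a.completed_on).days <= RECENT_COMPLETION_DAYS:
            return False  # completed recently; no re-assignment
    return True


if __name__ == "__main__":
    a = Assignment("alice@example.com", "Phishing Basics", "2024-01-01")
    print(a.status("2024-01-05"), a.reminder_due("2024-01-07"))
    a.record_attempt(90, "2024-01-10")
    print(a.status("2024-01-20"), should_assign(a.email, a.module, [a], "2024-01-15"))
```

Day 14 is both the last day before an assignment turns Overdue and a reminder day, so an employee who has not completed the module receives a reminder on the due date and the status flips to Overdue from day 15 onward.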