This introduction will take you through every step involved in campaign setup, management and reporting. We recommend you read all related supporting material to understand the intricacies of conducting a simulated phishing campaign.
1. What is a phishing campaign?
A phishing campaign is a simulated exercise whereby CanIPhish sends phishing material to users within your organisation. This exercise has the purpose of helping you manage the ongoing threat posed by phishing attacks.
A phishing campaign is designed to help you meet three main goals:
- Discover what type of attacks your employees are vulnerable to.
- Educate employees on how to look for malicious phishing material.
- Report quantitative results showing month-on-month employee learnings.
CanIPhish support the following types of attacks as part of its simulated phishing exercises:
|Phishing Attachment||An attachment attack directs your users to open/execute an attachment.|
|Credential Compromise||A credential compromise attack utilises a phishing link and directs your users to a landing page that looks like a login/data entry screen. We then attempt to trick your users into entering sensitive information.|
|Reply-To (Roadmap)||A reply-to attack requests an email/message-based response from your users.|
2. Campaign functionality deep-dive
Campaign Page Options:
- New Campaign: A multi-tab interactive campaign creation tool. Designed to provide a walkthrough experience for campaign creation, providing recommendations during the creation process.
- View Campaign: Provides real-time campaign statistics and reporting options.
- Update Campaign: Provides the ability to view and update the back-end configuration used to create the initial campaign (e.g. targets, phishing profiles, schedule, etc.)
- Delete Campaign: Provides the ability to delete a campaign entirely. Note that if a campaign was successfully completed or in-progress with atleast 1 email being delivered, the campaign statistics are retained and viewable in the 'Reporting' page.
- Campaign Name: The name given to the campaign.
- Target Count: An aggregate target count of all groups listed in the campaign.
- Delivery Status: The current delivery status - 100% delivered indicates campaign completion.
- Scheduled Date: The 1-5 day date-range in which campaign emails will be delivered (e.g. Monday - Friday). Emails delivered over a date-range are prorated over the days (e.g. 500 emails scheduled over 5 days, will result in 100 email deliveries a day).
- Recurring Campaigns:
- Scheduled Time: The 24 hour time-range in which campaign emails will be delivered (e.g. 9am - 4pm). Emails delivered over a time-range are prorated over the day (e.g. 100 emails scheduled for a day over a 5 hour period, will result in 20 email deliveries an hour).
- Next Delivery: The minutes/hours/days until the next batch of emails will be delivered.
- Action: Provides options to Update or Delete an Active Campaign
- Campaign Name: The name given to the campaign.
- Target User(s): The target groups that will be phished as part of the campaign.
- Mail Server: The mail instance to be used for the campaign. By default this will be the native 'CanIPhish' mail instance, however this can be outsourced to a user provided mail instance.
- Campaign Tags: Optional field for tag-based campaign tracking. Useful for limiting access to users with the "Tenant Reporter" role. Simply type a word and hit enter or space to input it.
- Template Bundle(s): Multiple Template Bundles can be associated to a single campaign. If multiple bundles are specified, users will at random receive one of the specified bundles.
- Sender Profile: The sender profile includes the Email From (e.g. firstname.lastname@example.org) and Email Display Name (e.g. Cloud Support) that a target will receive the phishing material from.
- Phishing Email: The phishing email includes the email body (e.g. all the content you normally see in an email) and any email attachments.
- Phishing Website: The phishing website includes the landing page that a user is directed to if they click a phishing link.
- Delivery Schedule: A future date-range by which a phishing campaign should start and end.
- Schedule (Between Days): The 1-5 day date-range in which campaign emails will be delivered.
- Schedule (Between Times): The 24 hour time-range in which campaign emails will be delivered.
- Schedule (Time Zone): The timezone to use for campaign delivery dates and times.
- Campaign Frequency: Campaigns can be scheduled to send one-off, monthly or quarterly. If campaigns are scheduled to recur, it's highly recommended that multiple template bundles are used to avoid users receiving the same material every month/quarter.
- Send Test Email: A test phishing email is sent to a specified email.
3. Campaign reporting
The status of a phishing campaign can be viewed by clicking the 'View Campaign' hyperlinks within the 'Campaign Name' table column. Viewing a campaign provides you with all necessary information as to who has been targetted to-date and whether emails have been successfully delivered.
If email delivery has been successful, you then get a full picture on the overall success of the phishing material delivered - with indicators around who has viewed an email, clicked the relevant link and/or been compromised by either entering their credentials in a phishing website, responding to an email or executing a potentially malicious file.
Viewing a campaign, provides you with the following information and reporting capabilities:
- Email Address: The email address targetted
- Email Delivery: The status of email delivery. Email delivery is either "Success" or "Failure"
- Email Delivery Date/TIme: The date and time that the phishing email was delivered
- Email Viewed: The "True" or "False" status of whether the phishing email was viewed/opened.
- Email View Date/Time: The date and time that the phishing email was viewed/opened.
- Email Clicked: The "True" or "False" status of whether the phishing link was clicked.
- Email Click Date/Time: The date and time that the phishing link was clicked.
- Target Compromised: The "True" or "False" status of whether the target has been compromised. Either through the entry of data in a phishing website or execution of an email attachment.
- Compromise Date/Time: The date and time that the target was compromised.
- Sender Profile: The sender profile name used to deliver the phishing material.
- Email Template: The email template name used to deliver the phishing material.
- Website Template: The website template name used to deliver the phishing material.
- Print: Print the campaign statistics in a table format.
- PDF: Display the campaign statistics in a PDF with table formating.
- Excel: Downloads the campaign statistics in a excel document.
- CSV: Downloads the campaign statistics in a csv document.
- Copy: Copies the campaign statistics into the clipboard with tabular formating.