TABLE OF CONTENTS

Phishing Simulation

A Phishing Simulation is a test carried out by an organization where simulated phishing emails are sent to employees to determine their cyber security awareness level. It is usually a part of a Security Awareness Program that aims to educate employees about phishing and other cyber threats.


Create a Phishing Simulation

  1. Log in to Phish Insight.

  2. Go to Campaign and click + New campaign.

  3. Name your campaign 
    1. Name - a short descriptive name from 1 to 40 characters that helps you identify the purpose of the campaign, e.g. `Campaign for New Hires`.


  4. Select the recipients 
    1. Deliver to - group/s that you want to include in the phishing simulation campaign. All members of the selected group will receive the phishing email. 
      All visible groups are based on the current active users and groups data source.

  5. Select a phishing email 
    1. Phishing Email Template - phishing email templates you want your users to receive. 
      1. From our templates - indicate one system phishing email template to use.

            You can click the preview button to check what will the template looks like.    
      2. From saved templates - indicate one customized phishing email template to use. You can also click the preview button to check what will the template looks like.
      3. Random - uses different phishing email templates available from the specified category.
         This option does not support previewing of template and selection of landing page.
            You can choose from different labels of phishing email templates
        1. My Labels - includes labels you created and `Unlabeled` label
        2. System Labels - includes labels provided by Phish Insight
  6. Select a landing page 
    1. Landing page - the page you want your users to be redirected to after they click the links from the campaign emails.
      1. Use Default - uses the default landing page of the phishing email template.
      2. From our templates - indicate one system landing page to use. 

            You can click the preview button to check what will the landing page looks like.
         
      3. From saved templates - indicate one customized landing page to use. You can also click the preview button to check what will the landing page looks like.

  7. Determine when to launch your campaign 
    1. Date and Time - date and time that the campaign starts.
      1. Now - starts the campaign right after you create it
      2. Scheduled - starts the campaign on a specific Date and Time

    2. Launch frequency - campaign occurrences in a period.
      1. One time - campaign occurs once.
      2. Monthly - the campaign will occur every month.
      3. Quarterly - the campaign will occur every three months

    3. Time zone - official time zone of the target users. It can impact the expected delivery time of simulated phishing emails
  8. Determine how you want the emails to be sent  - indicates when you want your users to receive the campaign emails. 
    1. All at once - sends all the campaign emails at the start of the campaign
    2. Over period of time - sends the campaign emails evenly over a period of time
      1. Numbers of day - the emails will be delivered over the specified number of days
      2. Define sending days and hours - days of the week you want the campaign emails to be delivered. 
      3. From - start time of the day when the phishing emails are expected to be delivered
      4. To - end time of the day when the phishing emails are expected to be delivered


  9. Define monitoring period
    1.  Numbers of days - number of days that you want to monitor the users' response 

      You can also check the schedule of campaign rounds by using the time calculator.
  10. Click Create Campaign.

Create a Monthly / Quarterly Simulation

  1. Log in to Phish Insight.
  2. Go to Campaign and click + New campaign.
     
  3. Fill out the New Campaign form.

  4. Select Monthly or Quarterly in Launch Frequency.
    Note: Monthly and Quarterly campaigns are computed by months, and not days. You don't have to worry if you want to set your campaign at the end of the month because it will automatically start the next campaign on the last available day of the next month.

    Example:
    Launch Date: August 31, 2020
    Launch Frequency : Monthly
    Next Start Date: September 30, 2020


  5. Click Create Campaign.

Create a BEC (Business Email Compromise) Simulation

Business Email Compromise (BEC) is a type of scam wherein corporate or publicly available email accounts are either spoofed or compromised to do fraudulent wire transfers. Phish Insight enables you to create a campaign that simulates this kind of attack.

  1. Log in to Phish Insight.

  2. Go to Campaign and click + New campaign.

  3. Select BEC Simulation as campaign type.

  4. Select the recipients 
    1. Deliver to - group/s that you want to include in the phishing simulation campaign. All members of the selected group will receive the phishing email. 
      1. All Users - sends the campaign to both Custom and AD type groups
      2. Custom -  includes recipients from groups you have created
      3. On-premise AD - includes the groups synced from your Microsoft Active Directory
      4. Dynamic - are groups based on conditions. e.g. Employees that joined in the last 7 days

  5. Select a BEC phishing email 
    1. Phishing Email Template - phishing email templates you want your users to receive. 
      1. From our templates - indicate one system phishing email template to use.
            You can click the preview button to check what will the template looks like.     

      2. From saved templates - indicate one customized phishing email template to use. You can also click the preview button to check what will the template looks like.
  6. Enable Save email replies for review.
    1. Save email replies for review - saves the users' response as part of your campaign analytics
  7. Define sender name and address 
    1. Use default - acquires the sender name and address from the phishing email templates as the reply-to name and address.
    2. Custom 
      1. Reply-to name - indicates the name you want for your reply-to Names e.g. `Samantha Alegre'
      2. Reply-to address -  indicates the username you want for your reply-to address e.g. `samantha_alegre@mail.beta.phishinsight.com`
      3. Domain - choose what domain name you want for your reply-to email address e.g. `samantha_alegre@mail.beta.phishinsight.com`

  8. Determine when to launch your campaign 
    1. Date and Time - date and time that the campaign starts.
      1. Now - starts the campaign right after you create it
      2. Scheduled - starts the campaign on a specific Date and Time

    2. Launch frequency - campaign occurrences in a period.
      1. One time - campaign occurs once.
      2. Monthly - the campaign will occur every month.
      3. Quarterly - the campaign will occur every three months

    3. Time zone - official time zone of the target users. It can impact the expected delivery time of simulated phishing emails

  9. Determine how you want the emails to be sent  - indicates when you want your users to receive the campaign emails. 
    1. All at once - sends all the campaign emails at the start of the campaign
    2. Over period of time - sends the campaign emails evenly over a period of time
      1. Numbers of day - the emails will be delivered over the specified number of days
      2. Define sending days and hours - days of the week you want the campaign emails to be delivered. 
      3. From - start time of the day when the phishing emails are expected to be delivered
      4. To - end time of the day when the phishing emails are expected to be delivered


  10. Define monitoring period
    1.  Numbers of days - number of days that you want to monitor the users' response 

      You can also check the schedule of campaign rounds by using the time calculator.
  11. Click Create Campaign.