Creating a Campaign – Support Center

Campaigns

Campaigns and phishing testing are a core function of the PhishingBox platform. This article details the process of creating a simulated phishing campaign.

Getting Started

Navigate to Tests / Campaigns > Create Campaign.

This will open the Campaign Wizard. The Campaign Wizard is the central location where you can configure individual simulated phishing tests or campaigns which contain multiple tests to be executed at the time of your choosing.

At each step of the campaign wizard, when you click the "Save & Next" button, the state of your campaign configuration will be saved, and you will be able to continue editing where you left off at a later time.

Campaign Setup
Course Auto-Enroll
Phishing Templates
Target Selection
Verify & Run Test

Campaign Setup

The first step in configuring a campaign is the Campaign Setup stage. Here you will give your campaign a name, choose a group(s) for testing, and schedule simulated phishing emails for sending.

1. Campaign Name: Choose a name for the campaign. We recommend naming your campaigns descriptively, e.g., "All employees Q4 2019".

You will also choose a selection type; by group or by account (reseller only).

2. Group(s): Select the group(s) that you wish to test. If you select multiple groups for testing, you will not be able to omit individual targets in the groups being tested. However, you will still be able to exclude targets using filter parameters at the Target Selection stage.

If you select a single group, you will have the option of choosing individual targets or the entire group. If you wish to select targets from a group for testing, make sure to select "Yes" on the respective select switch.

3. Courses: Switch course auto-enrollment on or off for failing targets. If this is on, targets that fail the simulated phishing test will automatically be enrolled in the courses of your choosing. If this option is enabled, it will reveal the Course Auto-Enroll step in the campaign creation wizard.

4. Admin Notifications: This switch allows you to configure notifications when test targets record actions on simulated phishing emails. I.e., you can be notified when targets fail tests. When the option is on, a new form will appear where you can configure the notifications.

Email Alerts: In this select menu, you can choose the frequency of email alerts; daily, weekly, monthly, or quarterly.
Recipients: Specify email addresses that will receive alert emails, separated by commas.
- Note: DO NOT PUT SPACES IN THIS FIELD.
Webhook URL: Specify a URL where you would like the Webhook response to post. For more information about the webhook, see article: Webhook Response.

5. Frequency: Specify whether you would like the test to run one time or repeat in the future, the number of repetitions, and how often you would like the test to recur. If recurring is selected, additional fields will appear where you can configure intervals. Select from weekly, bi-weekly (every two weeks), monthly, and quarterly. The default is set to repeat weekly one time. You will need a different phishing email template(s) for each time the test is run. Repeated tests' settings will be identical to the base test, aside from email templates used for testing.

6. Start Date, Time, & Timezone: Specify a starting date, time, and timezone for the test to begin. Click the calendar or clock icons for an interactive graphical date/time picker widget.

7. Track Activity: Specify how long you would like to track activity after all of the emails have been sent. The default, and recommended minimum, is one week. After the period specified here ends, the test will no longer track actions on phishing emails.

Once you have finished the Campaign Setup stage, be sure to click "Save & Next" to move to the next step of campaign configuration.

8. Sending: This section contains options related to how you would like the simulated phishing emails to be sent.

If the "Send all emails when the test campaign starts at 'x' per hour" option is checked, then emails will be scheduled to send at the rate specified in the "per hour" field. The emails will be scheduled to send evenly distributed over the hour, per hour, until all the emails in the test have been sent. The default is for 1000 emails to be sent per hour, and the minimum is 25 emails per hour.
If the "Send 'x' emails per target over 'y' Business days/weeks/months" option is checked, then the emails will be scheduled to send randomly on the days and hours that you specify. Click the clock icons to view an interactive time picker widget and set the business hours, and check or uncheck the boxes associated with the days of the week that you would like emails to send. The "'x' emails per target" number represents the number of templates you want to send to a target per test; you will need to select the same amount of email templates that you specify in this field for each repeated test.
- Note: If the test is scheduled to begin on a day of the week that you do not wish to send emails, emails will not start sending until a day that you have specified for sending. This is also true for repeated tests. If a start date occurs on an off day, the emails will not send until a selected day of the week has been reached.
If the "Send emails at the start time based on the targets' timezone setting" option is checked, then the emails will begin sending according to the timezone of each target. If no timezone is set for a target, then the emails will go out according to the timezone of the group.

Course Auto-Enroll

If you enabled course auto-enrollment during the Campaign Setup stage, the next step is configuring course auto-enrollment. If you did not select this option, move to the next step: Phishing Templates.

The course auto-enroll step allows you to auto-enroll targets into selected courses based on their failure type on a group-by-group basis. Each row represents a different group that is being tested. If you have selected courses on the Edit Group page, these will be prepopulated for you here.

1. Integration Settings Lock: When checked, all the groups with LMS integrations of the same type (Litmos, SmarterU, no LMS integration type, etc.) will collapse on the screen and inherit the same Action Trigger specifications.

2. Email Click Actions: Targets who click links in phishing emails will be enrolled in courses in this column. (Note: Attachment open actions do not count as email click actions.)

3. Landing Page Actions: Targets who enter data or click links on landing pages will be enrolled in courses in this column.

4. Reply Action: Targets who reply to reply-to phishing templates will be enrolled in courses in this column.

5. Repeat Offender: You can specify a course that targets will get enrolled into if they fail x number of tests in the last y weeks/months/years.

6. Due Date: The due date of any courses the targets get enrolled into as a results of failing the campaign.

7. and 8. Enrollment Manager Name/Email: The name/email of the enrollment manager. The enrollment manager will be cc'd on all course enrollment, reminder, and past due emails that get sent to the student.

Once you have selected the courses in which you want to auto-enroll targets, click "Save & Next" to move to the next step of the campaign wizard.

Phishing Templates

The next step in creating a campaign is selecting the phishing email templates you intend to use to test targets. You can add custom templates you have built or edited in your account, or you can use pre-made templates from the Portal template library.

1. My Phishing Templates: This tab contains all the email templates that are owned by your account, e.g. any templates that appear on the Manage Templates page.

2. Template Library: From this tab, you can select pre-made templates from the Portal Template Library.

3. Filter Templates: Type in this field to filter the templates by the criteria that you type. This filter can filter by any criteria, including template categories and brand names.

4. Sort Select: Use this select menu to choose how templates in the template window are sorted. Choose to sort by name, category, or date edited.

5. Template Window: This window contains all the templates relevant to the tab you are viewing, be it My Phishing Templates or Template Library.

6. Action Buttons: Click "Add" to add the respective email template to the test. The downward arrow contains more options;

Preview Template Email allows you to preview the email template.
Preview Template Landing Page allows you to preview the email template's landing page. If the email template does not have a landing page, then this option will be disabled.
Edit Template will open the template editor and allow you to make changes before deploying the template.

7. Selected Templates: This section lists all of the templates you have added to the test. Depending on the settings you configured in the Campaign Setup stage, you may have to select multiple templates for testing. This is indicated by the ratio displayed in the header text. The test will not begin until you have added the correct number of templates.

After configuring the email templates you wish to use for the Campaign, click "Save & Next" to move to the next stage of the campaign wizard.

Target Selection

The target selection step will differ depending on whether you selected a single group or multiple groups for testing.

Single Group

1. Target Allotment: This section contains information about target availability for the campaign. Available targets, targets included in the campaign and targets remaining after testing are displayed respectively.

2. Target Selection Column: This column contains checkboxes for target selection. Unchecked targets will not be tested. Checked targets can also have mass actions performed on them using the buttons in section 8. Click the to display more information about the target.

3. Target Name Column: This column displays the name of the target and their sub-group if applicable.

4. Address Column: This column displays the target's email address, and a if the target's email address is valid. If the target's email address is invalid, a will be displayed and the target's row will be highlighted red. The Last Test column will display the date of the last test in which the target participated.

5. Filter Targets: Click the button to open the filter targets window. This window allows you to filter targets in the group based on certain criteria.

Click the "Apply" button to filter the group based on the desired filters.

6. Edit Target Column: Click the "Edit" button in this column to open the edit target window. In the edit target window, you can edit a target's information before testing. A indicates that the target is active, a indicates that the target is inactive.

Click "Save" after you are finished editing the target's information to record the changes.

7. Mass Action Buttons: A button group that contains buttons that will perform actions on selected targets.

Delete: Remove the selected targets from the group.
Assign Sub-Group: Assign the selected targets to a sub-group.
Add New: Open the Add/Edit target window to add a new target to the group manually.
Import From: This button allows you to import targets into the group using the integration method of your choice before testing.

Multiple Groups

If you selected multiple groups for testing in the Campaign Setup step, then target selection for multiple groups will be displayed on the Target Selection step.

1. Use Field Filters: If this switch is turned on, you can choose to exclusively test targets in the selected groups based on the criteria entered in this form.

2. Use Mathematical Auto Selection: If this switch is on, you can choose to exclusively test targets in the selected groups based on the criteria in this form.

By %: Select targets randomly until the given percentage of the targets in all groups have been selected.
By #: Select targets randomly until the given number of targets have been selected. If you select multiple groups to include in the campaign, then the number of targets will be pulled from each group and included in each test that is scheduled.
By Confidence Level: Select targets based on the confidence level. Confidence level is a concept in statistics that measures, given a subset of a population, the confidence with which one can measure the variable being tested in the population as a percentage.

After selecting and editing targets as desired, make sure to click "Save & Next" to save your changes and move to the next step.

Verify & Run Test

This is the final stage of campaign creation. In this step, you are prompted to authorize any domains that have not been authorized for testing, and you are given the option of reviewing the test configurations.

1. Domain Info: This section contains information about the domains being tested, accounts, and groups that the domains are associated with their respective columns.

2. Domain Authorization Emails: Enter the name and email address of the person(s) who will be authorizing the tests in their respective fields. Once domains have been authorized for testing, tests will begin as scheduled.

3. Group Targets: Click the to expand the Group Targets information section. This section displays the group(s) being tested and the number of targets in each group, respectively.

4. Campaign Tests: Click the to expand the Campaign Tests information section. The "Tests with insufficient target counts" section will display any tests that do not have sufficient target emails to run. In order for any tests listed here to run, you will have to purchase more target emails.

The Campaign Tests section will display every test in the campaign, the sending method, start date, end date for email send, end date for data collection, and total test length.

5. Templates Used: Click the to expand the Templates Used section. This will display all the phishing email templates being used in the tests and the from email address of the template.

After you have reviewed your tests and templates and submitted the authorization emails for the domains you are testing click the "Finish!" button to schedule the tests. The test(s) will begin on the dates scheduled when all domains have been authorized for testing.