Getting started with PhishingBox
PhishingBox allows you to test your employees with simulated phishing attacks. The platform makes it easy to measure and demonstrate your employees' aptitude and progress with visual dashboards and reports, and offers training solutions as a control measure against would-be attackers.
Follow the links in the sections below for tutorials detailing the primary components of a phishing test and make your firm more secure starting today!
For your phishing targets to be tested, the first step is ensuring that the phishing emails will be delivered. Safelisting (whitelisting) is the process of configuring your email client and security tools to allow phishing emails to reach your users. PhishingBox must be properly safelisted in your security configuration before testing can begin. Once you have properly safelisted, we recommend that you configure pilot campaigns to a small number of users or yourself to verify deliverability. The links below contain instructions detailing safelisting methods for the most popular email clients and security tools. If your email client or security configuration is not listed, visit the safelisting section of the user guide or consult with your security tools' vendors.
- Safelisting (Whitelisting) Basics
- Safelisting IP Addresses and Email Headers in Exchange 2013, 2016, or Office 365
- Instructions for Safelisting in G Suite
In order to get started testing with PhishingBox you must first create a group and add phishing targets. Groups contain the targets that you wish to test with simulated phishing campaigns. In order for a target to be tested they must be in a group. Groups can be created and targets synced from various third-party platforms such as AzureAD, LDAP, or a CSV file. For more information and instructions related to groups see the following articles.
- Add / Edit Group
- Manage Groups
- Manage Targets
- Importing from CSV
- Importing from Office365/Azure AD with Microsoft Graph
- Import from LDAP
Campaigns are the primary function of PhishingBox. Campaigns are containers for simulated phishing tests. A campaign can test multiple groups or accounts (reseller only). For instructions and information related to configuring campaigns see the following articles.
Templates refer to the phishing experience you will use to test potential targets. Templates include email templates, landing page templates that will record actions taken on a web page, and training page templates that provide training to targets that fail tests. PhishingBox offers many pre-configured templates in the template library that are ready-to-use so that you can get phishing testing started quickly and easily. See the articles below for additional information regarding template creation and customization.
- Manage Templates
- Template Library
- Create Template
- Customizing Templates - Email Tab
- Customizing Templates - Landing Page Tab
- Customizing Templates - Training Page Tab
The Portal security courses provide an added layer of training to your users. You can manually enroll targets and groups into courses, as well as auto-enroll targets into a course after they fail a campaign. Portal also provide course programs, which are groupings of courses that a user can take. For information related to enrolling targets into courses, creating courses content, .
- Enrolling Targets into Courses
- Creating Courses
- Editing Course Content
- Editing Program Content
- Managing Enrollments
Note: We strongly recommend that users take courses in Chrome, Firefox, or Edge. They should be using a recent browser version.
The core concepts outlined above cover the basics of testing you firm's vulnerability to phishing attacks with PhishingBox. There are many more features, including account email customization, learning management system integrations, and an Office 365 add-in that you can use to improve your firm's email security. Consult with the user guide to learn more about all of the features PhishingBox offers, or contact email@example.com with any questions or comments.