In this article, we will cover creating your first Phishing Campaign.
We will create an example campaign from start to finish, which will give you an understanding of how to create and edit your own campaigns in the future.
The aim of this example campaign will be to send a custom Facebook Login Alert template (see our Cloning Templates video) to all users with No Training, then we can see who opens it, who replies to it, and who clicks on the link.
This gives us a good idea of how our staff respond to a simple Phishing email.
As with all the examples, you can substitute the names and descriptions used within for your own organisation's.
Tags and Templates:
- "Phishing Campaign 1" - Assigned to our custom Facebook Email Template.
- "No Training" - Assigned to Recipients we wish to target.
- "Clicked Facebook Link" - To assign to Recipients who click our Phish Hook Link within the Campaign's email.
If you do not have these Tags, create them or use your own to follow along.
From the main dashboard
- Click "Campaigns" under "PHISHING" on the main menu
- Click "CREATE NEW CAMPAIGN"
Step 1 - Campaign Description
- Name it "Phishing Campaign 1"
- Assign the Tag "Phishing Campaign 1"
Step 2 - Recipient Information
- Under "Select individual Recipient Tags to send emails to", select the "No Training" Tag
- This ensures it only goes to the Recipients we want, you can select many Tags here or even "Send emails to all Recipients" for an organisation-wide campaign
Step 3 - Scheduling Details
- We want it to start straight away so we won't edit the time
- By default, the start time of a new campaign will be the current time, using the organisation's time zone
- As we're only sending one email, we want to "Send all emails now"
- We don't wish to exclude any dates so we leave this section blank
- To add authenticity when scheduling Campaigns, think about times you may wish to exclude from sending
- E.G - A recipient is probably unlikely to open an email from the "Finance Team" on a day when the company is closed (e.g - Weekends or Bank Holidays)
- We don't want it to keep sending the same email so we leave it as Never Repeat emails
Step 4 - Campaign Tracking
- The default tracking time is 1 week, which we will leave as is
- As we want to know who replies to it, we'll hit "Track user replies"
- Don't forget to specify an email address in the Custom Reply-to Address, if you leave this blank Recipient's emails won't be tracked
- We also want to know what they respond so will "Keep reply content for review"
Step 5 - Email Content
- We want to use our Custom Facebook Template which we assigned the Tag "Phishing Campaign 1"
- There is only one email, but in case we add more under the same Tag later we will select just our Facebook Template
- We can select a Facebook domain to add more authenticity
- We know our Template takes us to our Phishing Hook Landing page so will leave this as default
- We want anyone who clicks this link to be Tagged "Clicked Facebook Link" so we can filter the Recipients later
All Phishing Campaigns are refreshed every 60 seconds, so you will see the status as "Waiting" for a short while before it begins.
We'll leave this for a while until the Recipients have had a chance to react to the Campaign...
After this has run for some time, it's time to Review the Campaign.
To learn about Reviewing the Campaign, check out the link below: