How Click-Prone are your staff?
Below is a guide to completing your free Click-Prone test. No software download or installation is required. By default, the test is limited to 100 recipients. Please contact us via the online chat or email@example.com if you require more.
Before you send your Click-Prone Test, you will need to whitelist Phishing Tackle in your mail server and any spam filter you may be using. This ensures the emails will be delivered and tracked correctly to all recipients. Information on whitelisting can be found here. Your mail server may also have rate-limiting configured which will stop a large number of emails being delivered at once, this will have to be adjusted to allow for all 100 emails to be delivered correctly.
Part 1: Registration
Step 1: Sign up
Once you have entered your information, you'll receive an email with instructions to get you set up.
Follow the instructions and you will be redirected to the page below.
Use your company email address and a strong password to create your Click-Prone account.
- NOTE: Be sure to use the correct email domain, you can only send the test to others on the same domain.
Note: You can only use business email accounts, not publically-available email services like Live, Gmail or iCloud.
Step 2: Confirmation email and login
Once you have completed step 1 you will receive an email containing an activation link. Check your emails and follow the link within to activate your Phishing Tackle account. If you have not received the email within a few minutes, check in your spam/junk folder and make sure to complete the whitelisting steps in the first note of this article.
Once the email has been confirmed you can log in again and get started!
Part 2: Click-Prone Test
Step 1: Choose your industry
Select your industry sector, along with your organisation's size. This will allow you to compare your results with industry benchmarks later.
Step 2: Select your email template
Choose the style of phishing template you think will suit your organisation best. We offer four templates:
- Generic Change password
- Microsoft 365 (formerly Office 365) /Azure
- Google Docs/Mail
- Microsoft Exchange
All templates ask the recipients to change their password and will appear to come from your organisation's IT department. Naturally, it's recommended you choose a template that matches your organisation's email environment. Feel free to preview each one by clicking on their thumbnails.
Step 3: Select your landing page
Next, choose which landing page (the page a recipient is redirected to when they email link) you would like your recipients to see when they click the link within the simulated phishing email. You have two choices:
- "Whoops!" page
- This will inform your recipients that they clicked on a simulated phishing email and bring to their attention certain things they should have looked out for ("Alarm bells")
- Error 404 page
- This generic page will often leave recipients thinking they have just clicked on a broken link, it is useful if you don't want your staff to know they have been part of a simulated phishing test.
Step 4: Enter recipients
Enter up to 100 recipients, one per line, to send the test to. Make sure to only use recipients from your own domain.
All email addresses entered here are only used for the Click-Prone Test and are not added to any mailing lists for marketing.
Step 5: Preview and test
The next page allows you to preview and send a test email to yourself, so you can see exactly what your staff will receive.
It will also remind you to set up whitelisting as mentioned at the beginning of the article.
Note: Your recipients may not receive any emails if you have not correctly set up whitelisting.
Send yourself a test email to be prepped for what your recipients will see.
Step 6: Send and review
Once you are happy everything is set up correctly, hit the green button to send your simulated phishing emails!
Your recipients will all receive the simulated phishing email (example below) with the "Change password" link.
The Click-Prone Test records how many recipients click the link (further information is available upon contacting us).
The final page shows how many recipients clicked on the email and measures it against your industry standard.
You can return to this page at any time to review the results and your Click-Prone percentage, we recommend waiting around 24 hours for your recipients to react to the simulated phishing campaign.
You can also download a PDF report of your results from here.
If you would like to know who clicked on the emails, contact us via the online chat or firstname.lastname@example.org and we will assist you immediately!