PhishProof Campaigns

Written By Marissa Fegan (Super Administrator)

Updated at September 19th, 2024

Click a PhishProof category below to expand and learn more.

Campaign Types

PhishProof Campaign Types

Email      
This tool will allow you to send out one or multiple emails to selected users. Choose email templates from our library of system templates, your organization's custom templates, or a bit of both.     
These emails can be sent to users at randomized times during a specified time span or all at once.

USB Baiting     
This tool will allow you to place a special file provided by PhishProof onto your own USB drive. This USB drive can then be placed into a common space in your organization. 

Examples: Parking lot, Breakroom, or another high traffic location. 

This allows your organization to assess whether employees are at risk of opening files or enabling macros on documents from found USB devices 

 
 

Email Template Types

Email Template Types

Link Click     
This campaign type will send an email that prompts the recipient to click a link.    
The user's action will be recorded upon clicking the link or previewing the link long enough for the tracking script to run. Upon performing one of these actions the user will see an education landing page.

Form Submit     
Campaigns of this type will ask the recipient to fill out a form with their information (we do not retain this data).    
The users action will be recorded in the event they submit the form, and the Education Landing Page will open in a separate browser tab. 

Attachment     
This type of campaign will send an email in which the recipient is asked to open an attachment (a Microsoft Office file). 

When opened, instead of being directed to the Education Landing page as with other campaigns, the contents of the file informs the user about the risk of their action and provides instruction on what measures to take going forward to prevent similar scenarios.

The opening of the attachment will be recorded for the Learner.

(If you choose an attachment with macros, then the user must enable macros for the result to record.)

 
 

Difficulty Levels

Template Difficulty Levels 

Our library contains templates of varying degrees of difficulty for users to detect. Easy Templates will contain more spelling errors and fewer details specific to the recipient, and on the other end of the spectrum, the Hard templates will contain the most detail in relation to the recipient. The Medium level will be somewhere in the middle. 

Easy 

  • Many spelling errors 
  • No Details Specific to User in Content 
  • Urgent or Outrageous Requests

Medium 

  • Details specific to the user such as First/Last name (accomplished through system variables) 
  • Common spelling errors and grammar mistakes

Hard 

  • Details specific to the user such as First/Last name (accomplished through system variables) 
  • Very few spelling errors if any.
 
 

Email and Landing Page Customization

PhishProof now offers the ability to clone System Templates and Education landing pages, customize them, and save them as “My Templates”.

Customize Templates

Templates -> Email Templates -> System Templates

Navigate to the (1) Templates main tab and select (2) Email Templates. Once you have saved customized templates, they will be displayed in the My Templates sub-tab.

To start, click on the (3) System Templates sub-tab.  Use the search and filter options to locate a template. You can preview any template by clicking on the template name in the center column.

Shortcodes in Org Admin and Super Admin Templates

The Org Admin and Super Admin email template editors now have shortcodes available, including:

  • 27 new user profile variables 
  • iLMS console user variables (e.g., organization name, first name, email address, hire date, etc.) with the ability to include custom fields 

Please note that while the Super Admin console shows all available variables, the Org Admin console only shows those added in iLMS.

Clone a System Email

Once you've identified a template you'd like to serve as a starting point for your custom template, hover over the template and the clone icon will appear.

When you click the clone icon, the “Clone Template” dialogue will pop-up.  
Here you can change the name of your custom template before clicking the Clone Template button. 

Once you have cloned a system template, it will now appear under the "My Templates" sub-tab.  
You can navigate to the template type by choosing one from the “Show All Templates” dropdown list.

Edit the Cloned Template

  • Find the template that you have cloned under the My Templates sub-tab.
  • Hover over the template name to reveal the edit icon. Click on the Edit icon to modify the template.  
    This will open the “Customize Email Template page” where you can edit the header and email content for each available language option.

NOTE: Custom templates must be enabled after creation in order to appear in the campaign builder for selection. Once your custom template is finalized hover over the template in this list and click the power button to enable it for use in campaigns.

 

Edit the Email Template Header and Contents

The PhishProof Editor offers the option to manipulate pre-designed content blocks or upload images through its embedded drag and drop function. The header information and sections of email content can be edited by hovering over the section and clicking the pencil icon that appears.

Additional content sections can be added to your email template by dragging items from the "Blocks" column shown on the left into the body of your email template.

Note: Misspellings and grammatical errors found in the email content are intentional and reflective of true phishing attack characteristics.  

Note: The editor does not support content that has been dragged and dropped into the template from external sources. Content must be added using existing building blocks and upload tools.  
Templates containing unsupported content may fail to send.

 

Tip: If your template has an image, double-click the image to modify or replace the image.

 

Edit the Translated Versions

Most system templates have been translated into the languages listed under the Template Language dropdown. Select the language in which your users will receive phishing emails to edit the template in that language. You will have to do this for each language that your users use.

Note: Edits to the English system template will NOT carry over to other language templates.

 

Once desired changes have been made to each email template, click Save Template to save changes.  
To make your template available for use, return to the main My Templates page and click the toggle under the Active column to turn the template on. 

Customize Education Landing Pages

Templates -> Education Templates -> System Education Page

Education Landing Pages are teaching components that will be displayed in correspondence to the type of phishing email selected. When a target user clicks on a “target link or attachment,” this educational page will open with a video that identifies the common notable phishing attack characteristics. 

Navigate to the (1) Templates main tab and select (2) Education Templates. Once you have saved customized templates, they will be displayed in the My Education Page sub-tab. 

To start, click on the (3) System Education Page sub-tab, choose a template, and click on the corresponding Clone icon under the Actions list. You can preview any template by clicking on the Preview icon under the Actions list.

Clone a System Education Landing Page Template

When you click the Clone icon, the “Clone Template” dialogue will pop-up. Don’t forget to change the template name before you click the Clone Template button. 

Once you have cloned a system template, it will automatically show up under your My Templates subtab. 

Edit the Cloned Template

  • Under the My Education Page sub-tab, you will find the template that you have cloned.  
    For this example, we cloned the “Custom Blue Landing Page” template. 
  • Click on the corresponding (4) Edit icon under the “Actions” list. This will open the “Customize Education Template page”.

Note: We recommend turning on the template under the “Active” column AFTER all edits are finalized and have been saved. Just return to this screen and click the toggle to the “ON” position.

 

Edit the Contents

The Editor offers the option to manipulate pre-designed content blocks or upload images through its embedded drag and drop function. Content can be edited where a pencil icon is displayed. 

Your logo and contact information should already appear in the education template. If you need to edit either of these for all templates going forward, please edit them using the main Settings tab in PhishProof.

You can also upload your own pdf version by clicking on the Replace with a PDF File button and following the instructions on the prompt.

Once desired changes have been made to the phishing email, click Save Template to save changes.

Edit the Translated Versions

Each template has been translated into the languages listed under the Template Language dropdown. Select the language in which your users will receive phishing emails to edit the template in that language. You will have to do this for each language that your users use.

You can also upload pdf versions in any language. Be sure the correct corresponding language is selected from the Template Language dropdown list before uploading a pdf.

Note: Edits to the English system template will NOT carry over to other language templates.

 

Once desired changes have been made to each landing page template, click Save Template to save changes.  
To make your template available for use, return to the main My Templates page and click the toggle under the Active column to turn the template on. 

 
 

Email Campaign

Email Campaign

Campaigns -> Start a New Campaign -> Email Campaign

This section outlines how to create and schedule email campaigns 
This tool will allow you to send out one or multiple emails to selected users. Choose email templates from our library of system templates, your organization's custom templates, or a bit of both. 
These emails can be sent to users at randomized times during a specified time span or all at once.

Campaign Options

This tool offers a variety of options for sending your campaign. See descriptions for each numbered item below the image.

(click to view enlarged image)

1) Campaign Name 
This is a title for your campaign. This title will appear on the main Campaign page in the list of draft, scheduled, or completed campaigns.

2) Campaign Description 
The Campaign description will allow you to add additional detail in regards to what your campaign is about.

3) Email Templates

  • Click the "choose template" button to bring up the template selector.

(click to view enlarged image)

  • Use the tabs in the upper-left switch between viewing a list of system templates or your custom templates.
  • Search and filter options are available in the pane on the left to help you narrow down results to only templates that fit the desired criteria
  • Clicking templates will allow you to preview the email that will be sent in the pane on the right. 
    The language dropdown (upper-right) allows you to view how the template will look in other languages.
  • To select templates to use in your campaign, place a check in the box next to the template's name.
  • Click "Selected Templates" to view only templates you currently have selected for use in the campaign. These are the templates that will be sent to targeted users. Each user will get a random template from this selection.

Note:

  • All templates used in a campaign must be the same type. Link click, Form submit, or Attachment.
  • Custom email templates must be created prior to creating the email campaign. To create a customized email template, go to the main Templates tab and click on Email Templates. 
    More Detail on how to create Custom Email templates here: 
    Creating Custom Templates and Landing Pages
 

4) Education Landing Page

Select an Education Landing Page from the dropdown list. Your users will see this whenever they are “phished,” or fall victim to a phishing simulation.

Here, you can select the Education Landing Page that your users will see whenever they are susceptible to a Phishing simulation. The Education Landing Page is an on-the-click educational tool that lets users know to be wary of such emails in the future. With this immediate reinforcement, users will be able to recognize the tells of real phishing attempts.

Note: Custom education landing pages must be created prior to creating the campaign. To create a custom Education Landing Page, go to the main Templates tab and click on Education Templates. 
More Detail on how to create Custom Landing Page templates here: Creating Custom Templates and Landing Pages

 

5) Select Targets 
This section allows you to select the Targets or recipients of your randomized campaign. Targets can be selected by Hierarchy (region, division, dept), Groups, or Individual User. They can also be selected from a previous Campaigns target list or the Susceptible Users list which includes individuals who have been phished in previous campaigns.

6) Start Date and Time 
Here you can schedule the date and time at which your campaign will start sending the randomized emails to the specified targets.

7) Send Duration 
The duration is the number of days over which the campaign will take place. The optimal span is 7 days for more authentic results and ease of delivery to inbound mail servers by reducing the bulk of the send. 

8) Business Days

In this section, you can specify the hours and days of the week which make up your organizations Business Hours. This will ensure that campaign emails are not sent outside of regular business hours to increase the probability of the recipient seeing the email.

Note: Scheduled Campaigns cannot Start and End the same day.  
For this reason, we recommend having at least 2 business days selected for a campaign with a 1 business hours/day duration, or ensuring your Start date/time is at least 24 hours apart from your intended end date/time. 
For example:

  • If today is Friday, October2nd.
  • I select today's date as my campaign start date.
  • My send duration is "1 business hours/days"
  • I then check the box for only Friday as my business days.
  • The campaign will start today and conclude the next applicable day, which is Friday a week from today.
 

9) Stop Tracking 
This option will specify how long user actions in the Phishing simulation will be recorded for reporting after the campaign emails have been sent.

10 )Display Domain 
When a learner hovers over a targeted link in the phishing email, the selected display domain will be shown instead of the actual destination.

11) Hide from Global Reports 
This option should only be used in the event an administrator is running a test campaign. When enabled, this option will ensure that results from tests campaigns are not included in reporting, nor will the recipients be assigned any training upon failing the simulation.

 12) Save Buttons

  • Save & Exit – This action will save your input so that you can return to make any adjustments and launch the campaign at a later date. You will see the saved campaign in the Draft section of the Campaigns Home tab. It will be labeled as incomplete.
  • Save & Schedule – This action will launch the campaign as you have designated. You will see the saved campaign in the Scheduled section of the Campaigns Home tab. Once the messages have all been sent, the campaign will move to the Completed section.

Note: Campaign Details will not appear until all emails for the campaign have been sent. After emails finish sending you will be able to see details for all users that received an email and whether as well as click/form/attachment data.

 
 
 

USB Baiting Campaign

USB Baiting Campaign

This tool will allow you to place a special file provided by PhishProof onto your own USB drive. This USB drive can then be placed into a common space in your organization. 

Examples: Parking lot, Breakroom, or another high traffic location. 

This allows your organization to assess whether employees are at risk of opening files or enabling macros on documents from found USB devices 

To get started, select "USB Templates" from the "Start a New Campaign" drop-down list.

The first page encountered when creating a USB Baiting Campaign will allow you to title your campaign, add a description for your reference, specify the location in which the USB drive was placed, and select a landing page for use in Macro-Enabled Campaigns. 

Once the Campaign Details have been populated, click Save Start.
This will take you to the Overview page for the USB Campaign. 

Download File
This lists the documents that can be downloaded and placed on USB drives for your campaign. The files can be renamed after download. Note: If the Campaign-creator opens the doc, it will be recorded just as if it were opened by a user. 

Opens
This column displays the number of times this document type has been opened by users for this campaign. 

Macro Enabled
This column specifies whether the document listed contains Macros.
Files do not contain Macros
Files DO contain Macros

Files that contain macros are able to capture more data about the user who opens the doc and enables the macro than documents that do not contain macros.If the macro in a document is enabled, the user will be taken to the education landing page in a web browser. 

Note: Documents that DO NOTcontain Macros will not take users to the landing page.

 

Result of Macro-Enabled Doc Shown Here

4) End Campaign (Overview Tab)
After enough reporting data (Shown on Details Tab) has been gathered from the Campaign, you can end the campaign by clicking this button. No further data from the docs downloaded from the campaign will be recorded. 

Campaign Details 
While the campaign is active and after the USB drive(s) has been planted containing the docs downloaded from the tool, any record of users opening the doc or enabling the macros if applicable will be displayed on the Details Tab. Differences between the data captured by Documents with and without Macros are shown below. 

The data displayed on the details tab can be exported using the Export Results to Excel button provided in the upper-left.
On the main PhishProof Campaigns Page, a summary of all USB Campaigns will be listed in their own section at the bottom of the page.