PhishProof Initial Setup

Written By Marissa Fegan (Super Administrator)

Updated at September 19th, 2024


Timezone

Setting the Timezone

Before starting a campaign, it is recommended to adjust the System Time Zone under the Settings Tab to match that of your Organization Headquarters, or that of the majority of the users.

PhishProof will send phishing simulation emails based on this time zone setting.

Be sure to click the Update Settings button to apply changes.

 
 

Logo and Contact Info

Logo and Contact Information

Under the Settings Tab you can also populate contact info for your internal IT support team and add your organization logo. This info will be added to the Education Landing Page, which is the learning aid that allows your users to gain timely insight when they are susceptible to a phishing simulation.

Simply add your IT support details, i.e., the phone number and/or email address of the point of contact for reporting or asking questions about potential phishing attacks.

You can further customize the Education Landing Page by inserting your company logo. Just click on the +Select Logo button and upload your logo.

Note: The maximum image size is 210 x 210 pixels. Accepted file types are jpg, jpeg, png, and gif.

 

Your logo and IT support information will be displayed in the upper right-hand corner of the Education Landing Page.

 
 

Course Assignment and Rules

Each PhishProof simulation provides an opportunity to learn about real threats in a safe environment. If a learner performs a risky action during one of the simulated phishing emails, they are provided with immediate education in the form of a landing page. For many individuals, the education landing page may be enough encouragement to build better habits. Other learners may require more in-depth training to reinforce best practices.
PhishProof's course assignment feature allows you to tailor the learning experience and assign additional education only where it is needed.

Location:

PhishProof > Susceptible Users Tab > Course Assignment sub-tab

Course Assignments

Set the phishing count and choose one or multiple courses to be assigned when learners reach that threshold. You can specify up to 10 course assignment thresholds. 


Add Assignments         
Click the green + button to add an assignment. To delete an assignment, click the x button to the right of the item. You can add up to 10 different phishing count thresholds at which to assign training.

Set Phishing Count          
Type a number in the count field for each assignment. If a user's current phishing count reaches this threshold, the specified training will be automatically assigned.

Select Course(s) to assign         
All available courses from the LMS are eligible for assignment. Click the dropdown to view all available content and check the boxes to select one or multiple courses to be assigned when a user reaches the specified phishing count.

Note: We recommend selecting phishing-focused courses that are not in use with your regularly assigned LMS content for ease of tracking and reporting. This allows you to more easily create reports that focus solely on remedial training assigned via PhishProof.

 

Apply to All Languages         
To apply the same course assignment settings to all languages check the "Apply To All Languages" checkbox in the upper-right corner.         
If preferred, different course assignment options can be specified for each language by selecting languages from the dropdown at the top of the page.

Notification Email

From Email         
The email notification will come from this address. The dropdown allows you to choose whether the email is sent from the phishproof.com domain or from inspiredlms.com, which will match emails from the LMS.
Check

From Name         
This is the friendly name learners will see as the sender of the email.

Email Subject         
Customize the subject of your email. Please note the default text is already translated for you.         
If the subject of the email is customized it can either be applied to all other languages in English, or you can implement your own custom-translated content.           
Please note: Any custom-translated text must be provided by your organization as this is not a service offered.

Apply to All Languages         
To apply the same settings for From Email, From Name, or Email Subject to all other available languages check the box next to each section before saving. If preferred, different options can be specified for each language by selecting languages from the dropdown at the top of the page.

Email         
This is the email notification that is sent to the learner each time they are assigned a course as a result of a Phishing Campaign. This notification informs them of the reason the course has been assigned and instructs them on what to expect.         
The text of this email can be customized for each language by selecting the language from the dropdown at the top of the page.         
Please note: Any custom-translated text must be provided by your organization as this is not a service offered.

Short Codes         
A few system variables have been provided to dynamically populate information such as the learner's first and last name, the course list, the learner's phishing count, and your organization's name.  All available system variables are listed at the bottom of the email editing pane. 

Update Settings         
Once you're ready to save your settings click "Update Settings" at the bottom of the page.  Remember to check the "Apply to All Languages" box for any applicable settings you'd like to apply to every available language.

Reset and Repeating Assignments

To ensure users continue to receive education even if they exceed all set thresholds for training assignments, their "current phishing count" resets to 0 once they've been assigned all available training. They will then repeat the assignments at each threshold if their phishing count continues to increase.
Both the total all-time phishing count and the current phishing count for a learner can be viewed in the PhishProof Susceptible Users Report, as well as details about which campaigns resulted in course assignments.

 
 

PhishHook Outlook Add-in

To ensure users report suspicious emails to the proper team, PhishProof offers the Outlook Add-In, PhishHook, where end users can report potential phishing threats in real-time.

As part of our holistic training solution, we promote security awareness by enabling users to actively participate in identifying possible phishing emails.

Users who correctly identify phishing simulation emails from PhishProof receive positive reinforcement as soon as they click the PhishHook Add-in. 

Logs of identified potential threats with email header information are also available for IT personnel to monitor in order to protect the organization and prevent widespread vulnerability.

Before deploying your first campaign, we recommend installing PhishHook, if applicable, and educating users on how to report phishing emails using this Outlook Add-In.

Before organization-wide deployment, the tool can be installed and activated for a small group of users.

PhishHook Add-in Best Practices and Instructions

  1. Download the PhishHook Add-in files or copy the PhishHook Manifest URL by logging into your PhishProof Admin portal.
  2. Follow the instructions for the Office 365/Outlook 2016+ deployment options (Recommended) or the Outlook 2013 or older deployment options.
  3. Send preliminary emails to users informing them of how to use the PhishHook Add-In to report suspicious emails.
  4. Send a test campaign to a select group.
  5. If the test is successful, send a phishing campaign to users.
  6. Monitor flagged phishing emails.

Minimum System Requirements for the PhishHook Add-in for Outlook 2013 or older:         
Microsoft VSTO 2010 Runtime, .NET 4.5 framework, and MS Office 2010, MS Office 365 Windows version.
The PhishHook Add-in for Outlook 2013 or older only works for the Windows desktop application Microsoft Outlook. 

 

For Windows, Mac, and webmail, including the Outlook app for mobile devices, please use the PhishHook Manifest URL for O365/Outlook 2016+.

 

PhishHook is not supported for the following use-cases:

  • On-Premise Exchange environments
  • Shared mailboxes (The add-in works for individual user mailboxes)
 

We offer a few options for installing PhishHook for your Organization on Outlook.

The recommended option is Centralized Group Deployment through MS Office 365's Admin Console.       
Instructions for this installation method can be found here:       

Centralized Group Deployment through MS Office 365's Admin Console       
        
For testing purposes this add-in can also be installed by an individual by following the instructions found here:

Single Deployment through MS Office 365 Outlook Web Application (OWA)

If your organization uses Outlook 2010-2013 desktop client on Windows machines, then we also have the options listed below:

Outlook 2013 or Older - Silent Install using Group Policy

Outlook 2013 or Older - Single Install per User

 
 

Reporting Emails with PhishHook

User Perspective

Reporting Potential Phishing Threats in real-time 

You may now begin clicking on the PhishHook button whenever you come across a suspicious email that resembles a phishing attack. The report and original email will be sent to your IT Department for review. 

  1. Click on the PhishHook button in the Outlook ribbon, or in the upper-right corner of your email on web.
  2. The Report Phishing side pane will show on the right. Leaving a description is optional.
  3. Click the Send Report to Admin button to complete the reporting process. 
  4. A confirmation message will pop-up. Please click OK and continue with your daily routine.

Outlook Desktop Client

Outlook Web Client

Outlook Mobile Client

Note: The Outlook 365 version of this plug-in does not currently differentiate between phishing simulations from PhishProof and other potential real-world phishing emails. All emails reported by users will be forwarded to the internal email address specified for review.

 
 
 

Pilot Testing

Pilot Testing before Deployment

For best results and extra assurance we highly recommend running a few rounds of Pilot Testing prior to rolling out campaigns to larger groups of users.

This ensures that simulation emails make it from PhishProof to the user's inbox, that results record accurately without false positives, and that data is allowed to be captured and sent back to the PhishProof console.

If possible, have members from different teams participate in the Pilot test, preferably with varying locations, GPO settings, etc.

The more diverse the group, the better.

Note: We recommend testing different template types as internal systems may handle emails with attachments and login forms differently than emails with links alone.

 
 
 

Click Filter

False Positives in Phishing Simulations

When sending out phishing simulations you may encounter false positives caused by security systems testing links in an email before it reaches the user's inbox. These are referred to as bot clicks. This function is a security measure to protect email recipients from malicious links, but it can cause false assessment failures and inaccurate results for phishing simulations.     

PhishProof's click filter helps prevent bot clicks from counting against users by excluding specific IP addresses or ranges from phishing simulations.

Location:     
PhishProof > Settings > Click Filter

Identify Bot Clicks

We recommend running a pilot test with a small pool of individuals before sending phishing simulations to the entire company. Not only does this ensure the email is delivered to the recipient's inbox, but it also allows admins to confirm results are accurate and address any sources of false positives before full deployment.

For good measure, we also recommend testing with different template types as emails with attachments or faux login pages may be handled differently than emails with links alone.

Many false positives can be addressed with the proper allow listing of PhishProof's domains to exempt them from link analysis by spam filters and other security filters and systems, but any sources of false positives not addressed during the allow listing process can be filtered out in PhishProof so long as you know the IP address(es).

There are multiple ways to identify bot clicks. Here are a few potential indicators:

  • Feedback from the intended recipient(s) stating they did not click despite the console reporting a click.
  • Clicks that occur for multiple users at the exact same or almost the exact same time (usually immediately after the email sends).
  • The IP address associated with the click belongs to one of your company's security products.

Locate IP Address Information for a Campaign

To view the IP address associated with a link click, form submission, or attachment opening in PhishProof follow the steps below.

  • From the Campaigns page, click the name of the campaign to view campaign details
  • Navigate to the "User Details" tab
  • Enable the "Show User IP Information" in the upper right.
  • All recorded IP addresses will display for the campaign.
  • To Export the IP information click the "Export Results to Excel" button above the IP Information toggle.
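
The automatable indicators listed above (near-simultaneous clicks across users, clicks right after the send, and IPs owned by a security product) can be checked against the exported results before anything is added to the Click Filter. The following is an added example, not PhishProof's own code: the CSV column names, sample rows, send time, and security-product range are constructed assumptions, so adjust them to your actual export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample standing in for the "Export Results to Excel" data saved
# as CSV. The column names are assumptions, not PhishProof's real headers.
SAMPLE_EXPORT = """user,ip,timestamp
alice@example.com,203.0.113.10,2024-09-19T09:00:04
bob@example.com,203.0.113.10,2024-09-19T09:00:05
carol@example.com,203.0.113.11,2024-09-19T09:00:05
frank@example.com,198.51.100.23,2024-09-19T09:00:40
dave@example.com,198.51.100.7,2024-09-19T11:42:17
"""

SEND_TIME = datetime(2024, 9, 19, 9, 0, 0)        # constructed campaign send time
SECURITY_RANGES = [ip_network("203.0.113.0/28")]  # constructed mail-gateway egress range


def load_events(text):
    """Parse the export into (user, ip, timestamp) tuples."""
    rows = csv.DictReader(io.StringIO(text))
    return [(r["user"], ip_address(r["ip"]), datetime.fromisoformat(r["timestamp"]))
            for r in rows]


def candidate_bot_ips(events, send_time, security_ranges,
                      after_send=timedelta(seconds=60), burst=timedelta(seconds=5)):
    """Return {ip: sorted indicator names} for IPs matching any indicator."""
    reasons = defaultdict(set)
    ordered = sorted(events, key=lambda e: e[2])
    for _user, ip, ts in ordered:
        if any(ip in net for net in security_ranges):
            reasons[ip].add("security-product-ip")
        if timedelta(0) <= ts - send_time <= after_send:
            reasons[ip].add("immediately-after-send")
    # Burst: clicks recorded for different users within `burst` of each other.
    for i, (user_a, ip_a, ts_a) in enumerate(ordered):
        for user_b, ip_b, ts_b in ordered[i + 1:]:
            if ts_b - ts_a > burst:
                break
            if user_a != user_b:
                reasons[ip_a].add("multi-user-burst")
                reasons[ip_b].add("multi-user-burst")
    return {str(ip): sorted(r) for ip, r in reasons.items()}


def review_list(flags, min_indicators=2):
    """IPs with several indicators; a lone fast click by a person is left out."""
    return sorted(ip for ip, r in flags.items() if len(r) >= min_indicators)


if __name__ == "__main__":
    flags = candidate_bot_ips(load_events(SAMPLE_EXPORT), SEND_TIME, SECURITY_RANGES)
    for ip, why in flags.items():
        print(ip, ", ".join(why))
    print("Review before adding to Click Filter:", review_list(flags))
```

The output is a review list only; confirm each IP with the affected recipients or the owning security team before filtering it, since retroactive removal cannot be undone.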

Add/Edit IP Addresses in Click Filter 

If clicks from a specific IP address or IP range have been identified as bot clicks these IPs can be added to PhishProof's Click Filter.       
Adding IPs to the filter prevents any clicks generated by these IPs from being counted in phishing simulations.

Location:     
PhishProof > Settings > Click Filter

To add an IP address or range of IP addresses to the click filter click the "Add IP Filter" button. 

Input the IP address or range of IP addresses in one of the formats specified in the pop-up and add a description.  Once this is complete, click "Done" to save your new filter.

Any clicks from the specified IP(s) will no longer count in future phishing simulations.

If any clicks in previous campaigns belong to one of the filtered IPs they can be removed with just a couple more steps.

Remove Clicks from Previous Campaigns

Location:     
PhishProof > Settings > Click Filter

To remove clicks from previous campaigns based on your current IP filters click the "Remove Susceptible Users Retroactively" button at the bottom of the page.

Any clicks from previous phishing simulations that are associated with an IP address that is included in the Click filter will display.  Select all the information you'd like to remove and when ready click the "Remove" button.     
Please note this action cannot be undone, so look over the selections carefully before confirming the removal.

All of the selected clicks will be removed from their respective campaigns and the user(s) will no longer display as having clicked a link during that campaign.

 
 

PhishHook Gmail Add-on Admin Guide

To ensure users report suspicious emails to the proper team, PhishProof offers the Gmail Add-On, PhishHook, where end users can report potential phishing threats in real-time. 

As part of our holistic training solution, we promote security awareness by enabling users to actively participate in identifying possible phishing emails. Users who correctly identify phishing simulation emails from PhishProof receive positive reinforcement when they click the PhishHook Add-on. Logs of identified potential threats with email header information are also available for IT personnel to monitor to protect the organization and prevent widespread vulnerability.

Before deploying your first campaign, we recommend installing PhishHook, if applicable, and educating users on reporting Phishing emails using this Gmail Add-on. Before organization-wide deployment, the tool can be installed and activated for a small group of users.

PhishHook Add-on Best Practices and Instructions

  1. Navigate to iLMS and log in; click PhishHook addin in the top navigation bar
  2. Select PhishHook Settings, click General Settings to review, then select Gmail Add-on, where you will be presented with 3 steps

Step 1: Install Gmail Add-on

  1. Navigate to PhishHook - Google Workspace Marketplace  and click Install
  2. You will be presented with a screen notifying you that you are granting access to your data; select the option to install the app automatically for either Everyone at your organization or Certain groups or organization units
  3. Click Finish
  4. To verify the installation, go to your Gmail inbox and click the arrow to show the side panel in the bottom right; you will see the PhishHook icon here

Steps 2 & 3: License Key & Send Email to End Users

  1. Go back to the PhishProof console and ensure you are still on the PhishHook Settings screen
  2. Under Step 3, click View Activation Email Template, then click Copy Template; the template will automatically include Step 2 (the license key)
  3. Open a new email, add your subject, and paste the template into the body
  4. After adding the appropriate email addresses or distribution lists, send the email as normal

Inspired eLearning Recommends

  1. Send a preliminary email informing users how to use the PhishHook Add-In to report suspicious emails
  2. Send a test campaign to a select group
  3. If the test succeeds, send users a phishing campaign
 

After PhishHook is activated, you can review emails end users have flagged as phishing attempts within the PhishProof console.

  1. From within the PhishProof console, go to PhishHook addin
  2. Select Flagged Phishing Email Log; this will show you all emails that have been flagged as phishing

PhishHook End-User Guide

This guide will show you how to activate the PhishHook Gmail Add-on and report suspicious emails.

Activate Gmail Add-on 

  1. Select the add-on icon on the sidebar and Gmail will ask if you want to give the add-on access to your account; click Authorize Access and follow the steps to allow PhishHook access to your Gmail account
  2. You should have received an email from your administrator about the PhishHook add-on that includes a license key; copy the license key from that email
  3. In the PhishHook add-on, paste the license key and click Verify

Report Emails with Gmail Add-on 

  1. To report phishing attempts once PhishHook has been activated, open the suspicious email and click on the PhishHook icon in the sidebar
  2. If desired, include a note on the text line about why you feel it might be a phishing attempt
  3. Click Report Phish; the email you reported will be marked as Spam and moved to your Spam folder

 
 
