Read a PhishProof category below to expand and learn more.

Timezone

Setting the Timezone

Before starting a campaign, it is recommended to adjust the System Time Zone under the Settings Tab to match that of your Organization Headquarters, or that of the majority of the users.

PhishProof will send phishing simulation emails based on this TimeZone setting.

Be sure to click the Update Settings button to apply changes.

Logo and Contact Info

Logo and Contact Information

Under the Settings Tab you can also populate contact info for your internal IT support team and add your organization logo. This info will be added to the Education Landing Page, which is the learning aid that allows your users to gain timely insight when they are susceptible to a phishing simulation.

Simply, add your IT support information details, i.e. the phone number and/or email address of the point of contact for reporting or asking questions on potential phishing attacks. 

You can further customize the Education Landing Page by inserting your company logo. Just click on the +Select Logo button and upload your logo.

Your logo and IT support information will be displayed in the upper right-hand corner of the Education Landing Page.

Course Assignment and Rules

Each PhishProof simulation provides an opportunity to learn about real threats in a safe environment.  If a learner does perform a risky action during one of the simulated phishing emails they are provided with immediate education in the form of a landing page. For many individuals, the education landing page may be enough encouragement to build better habits. Other learners may require more in-depth training to reinforce best practices.         
PhishProof's course assignment feature allows you to tailor the learning experience and assign additional education only where it is needed.

Location:

PhishProof > Susceptible Users Tab > Course Assignment sub-tab

Course Assignments

Set the phishing count and choose one or multiple courses to be assigned when learners reach that threshold. You can specify up to 10 course assignment thresholds. 

(click to view enlarged image)

Add Assignments         
Click the green + button to add an assignment. To delete an assignments click x  button to the right of each item. You can add up to 10 different phishing count thresholds at which to assign training.

Set Phishing Count          
Type a number in the count field for each assignment. If a user's current phishing count reaches this threshold the specified training will be automatically assigned.

Select Course(s) to assign         
All available courses from the LMS are eligible for assignment. Click the dropdown to view all available content and check the boxes to select one or multiple courses to be assigned when a user reaches the specified phishing count.

Apply to All Languages         
To apply the same course assignment settings to all languages check the "Apply To All Languages" checkbox in the upper-right corner.         
If preferred, different course assignment options can be specified for each language by selecting languages from the dropdown at the top of the page.

Notification Email

From Email         
The email notification will come from this address. The dropdown allows you to choose whether the email sends from the phishproof.com domain or inspiredlms.com which will match emails from the LMS.         
Check

From Name         
This is the friendly name learners will see as the sender of the email.

Email Subject         
Customize the subject of your email. Please note the default text is already translated for you.         
If the subject of the email is customized it can either be applied to all other languages in English, or you can implement your own custom-translated content.           
Please note: Any custom-translated text must be provided by your organization as this is not a service offered.

Apply to All Languages         
To apply the same settings for From Email, From Name, or Email Subject to all other available languages check the box next to each section before saving. If preferred, different options can be specified for each language by selecting languages from the dropdown at the top of the page.

Email         
This is the email notification that is sent to the learner each time they are assigned a course as a result of a Phishing Campaign. This notification informs them of the reason the course has been assigned and instructs them on what to expect.         
The text of this email can be customized for each language by selecting the language from the dropdown at the top of the page.         
Please note: Any custom-translated text must be provided by your organization as this is not a service offered.

Short Codes         
A few system variables have been provided to dynamically populate information such as the learner's first and last name, the course list, the learner's phishing count, and your organization's name.  All available system variables are listed at the bottom of the email editing pane. 

Update Settings         
Once you're ready to save your settings, click "Update Settings" at the bottom of the page.  Remember to check the "Apply to All Languages" box for any applicable settings you'd like to apply to every available language.

Reset and Repeating Assignments

To ensure users continue to receive education even if they exceed all set thresholds for training assignments their "current phishing count" resets to 0 once they've been assigned all available training.  They will then repeat the assignments at each threshold in the event their phishing count continues to increase.         
Both the total all-time phishing count and the current phishing count for a learner can be viewed in the PhishProof Susceptible Users Report, as well as details about which campaigns resulted in course assignments.

Pilot Testing

Pilot Testing before Deployment

For best results and extra assurance we highly recommend running a few rounds of Pilot Testing prior to rolling out campaigns to larger groups of users.

This ensures that simulation emails make it from PhishProof to the users inbox, that results record accurately without false positives, and that data is allowed be captured and sent back to the PhishProof console.

If possible, have members from different teams participate in the Pilot test, preferably with varying locations, GPO settings, etc.

The more diverse the group, the better.

Click Filter

False Positives in Phishing Simulations

When sending out phishing simulations you may encounter false positives caused by security systems testing links in an email before it reaches the user's inbox. These are referred to as bot clicks. This function is a security measure to protect email recipients from malicious links, but it can cause false assessment failures and inaccurate results for phishing simulations.     

PhishProof's click filter helps prevent bot clicks from counting against users by excluding specific IP addresses or ranges from phishing simulations.

Location:     
PhishProof > Settings> Click Filter

Identify Bot Clicks

We recommend running a pilot test with a small pool of individuals before sending phishing simulations to the entire company. Not only does it ensure the email is delivered to the recipient's inbox, but this process also allows admins to ensure results are accurate and address any sources of false positives before full deployment.

For good measure, we also recommend testing with different template types as emails with attachments or faux login pages may be handled differently than emails with links alone.

Many false positives can be addressed with the proper allow listing of PhishProof's domains to exempt them from link analysis by spam filters and other security filters and systems, but any sources of false positives not addressed during the allow listing process can be filtered out in PhishProof so long as you know the IP address(es).

There are multiple ways to identify bot clicks. Here are a few potential indicators:

• Feedback from the intended recipient(s) stating they did not click despite the console reporting a click.
• Clicks that occur for multiple users at the exact same or almost the exact same time.      
  (usually immediately after the email sends)
• The IP Address associated with the click belongs to one of your company's security products

To set up a Click Filter in PhishProof:

1. From within PhishProof, click Settings on the left side menu and select Click Filter
2. Click + Add IP Filter
3. Add the IPv4 address range in the text box using one of the following formats:
   1. Wildcard (example: 192.0.2.*)
   2. CIDR (example: 192.0.2.0/24)
   3. Start-End (example: 192.0.2.0-192.0.2.255)
4. Write a short description of the IP address range
5. Click + Add

PhishProof will now ignore clicks from hosts within the listed IPv4 address range(s).

Locate IP Address Information for a Campaign

To view the IP address associated with a link click, form submission, or attachment opening in PhishProof follow the steps below.

• From the Campaigns page, click the name of the campaign to view campaign details
• Navigate to the "User Details" tab
• Enable the "Show User IP Information" in the upper right.
• All recorded IP addresses will display for the campaign.
• To Export the IP information click the "Export Results to Excel" button above the IP Information toggle.

Add/Edit IP Addresses in Click Filter 

If clicks from a specific IP address or IP range have been identified as bot clicks these IPs can be added to PhishProof's Click Filter.       
Adding IPs to the filter prevents any clicks generated by these IPs from being counted in phishing simulations.

Location:     
PhishProof > Settings> Click Filter

To add an IP address or range of IP addresses to the click filter click the "Add IP Filter" button. 

Input the IP address or range of IP addresses in one of the formats specified in the pop-up and add a description.  Once this is complete, click "Done" to save your new filter.

Any clicks from the specified IP(S) will no longer count in future phishing simulations.  

If any clicks in previous campaigns belong to one of the filtered IPs they can be removed with just a couple more steps.

Remove Clicks  from Previous Campaigns

Location:     
PhishProof > Settings> Click Filter

To remove clicks from previous campaigns based on your current IP filters click the "Remove Susceptible Users Retroactively" button at the bottom of the page.

Any clicks from previous phishing simulations that are associated with an IP address that is included in the Click filter will display.  Select all the information you'd like to remove and when ready click the "Remove" button.     
Please note this action cannot be undone, so look over the selections carefully before confirming the removal.

All of the selected clicks will be removed from their respective campaigns and the user(s) will no longer display as having clicked a link during that campaign.

PhishHook Add-in

PhishProof's PhishHook Add-in empowers users to report suspicious emails in real-time, helping your organization identify and prevent phishing threats. It's a key part of their security awareness training, as users get positive reinforcement for correctly identifying simulated phishing emails. Additionally, IT teams can access logs with email header information from reported threats, providing valuable data to monitor and protect the organization from widespread vulnerabilities.

For additional details on the PhishHook Add-in, navigate to PhishHook Add-in.