Each PhishProof simulation provides an opportunity to learn about real threats in a safe environment. If a learner performs a risky action in response to a simulated phishing email, they are provided with immediate education via a landing page. For many individuals, the education landing page may be enough encouragement to build better habits. Other learners may require more in-depth training to reinforce best practices.
PhishProof's Course Assignment feature lets you tailor the learning experience and assign additional education only where needed.
Location: PhishProof > Susceptible Users > Course Assignment
Course Assignment Settings
Automatically assign supplemental training based on campaign performance. When a user reaches a designated phishing event threshold, they will receive an email notification, and the selected courses will be added to their training queue.
Set Phishing Count
Define a phishing event threshold and select one or more courses to be assigned when that limit is reached. You can create up to 10 unique thresholds. Enter a value in the Count field for each assignment, and once a learner’s current count hits that number, the associated training is automatically assigned.
Apply for User's Language
To apply the same course assignment settings to all languages, select All Languages from the Apply for User's Language dropdown.
Add Assignments
Select Course(s) to assign: All available courses from the LMS are eligible for assignment. Click the dropdown to view all available content, then check the boxes to select one or more courses to assign when a user reaches the specified phishing count.
Note: We recommend selecting phishing-focused courses that are not in use with your regularly assigned LMS content for ease of tracking and reporting. This allows you to more easily create reports that focus solely on remedial training assigned via PhishProof.
Phishing Count Timeframe
Phishing Count Timeframe defines the period used to calculate whether a user has met the threshold for a course assignment. By default, the system counts a user’s entire event history. To focus on recent activity, select Last and enter a specific number of days; any events outside this window will be excluded from the assignment calculation.
Email Notification
- From Email: The email notification will come from this address. The dropdown allows you to choose whether the email sends from the phishproof.com domain or inspiredlms.com which will match emails from the LMS.
- From Name: The friendly name learners will see as the sender of the email.
- Email Subject: Customize the subject of your email. Please note the default text is already translated for you.
- If the subject of the email is customized, it can either be applied to all other languages in English, or you can implement your own custom-translated content.
Please note: Any custom-translated text must be provided by your organization as this is not a service offered.
- If the subject of the email is customized, it can either be applied to all other languages in English, or you can implement your own custom-translated content.
- Apply to All Languages: To apply the same settings for From Email, From Name, or Email Subject to all other available languages, check the box next to each section before saving. If preferred, different options can be specified for each language by selecting languages from the dropdown at the top of the page.
- Email: This is the email notification that is sent to the learner each time they are assigned a course as a result of a Phishing Campaign. This notification explains why the course was assigned and outlines what to expect. The text of this email can be customized for each language by selecting the language from the dropdown at the top of the page.
Please note: Any custom-translated text must be provided by your organization, as this is not a service offered.
- Short Codes: A few system variables have been provided to dynamically populate information such as the learner's first and last name, the course list, the learner's phishing count, and your organization's name. All available system variables are listed at the bottom of the email editing pane.
- Update Settings: Once you're ready to save your settings, click "Update Settings" at the bottom of the page. Remember to check the "Apply to All Languages" box for any applicable settings you'd like to apply to every available language.
Reset and Repeating Assignments
To ensure users continue to receive education even if they exceed all set thresholds for training assignments, their "current phishing count" resets to 0 once they've been assigned all available training. They will then repeat the assignments at each threshold if their phishing count continues to increase.
Both the total all-time phishing count and the current phishing count for a learner can be viewed in the PhishProof Susceptible Users Report, as well as details about which campaigns resulted in course assignments.
Pilot Testing
For best results and added assurance, we highly recommend running a few rounds of Pilot Testing before rolling out campaigns to larger groups of users. This ensures that simulation emails reach the user's inbox, that results are recorded accurately without false positives, and that data can be captured and sent back to the PhishProof console.
If possible, have members from different teams participate in the Pilot test, preferably with varying locations, GPO settings, etc.
The more diverse the group, the better.
Note: We recommend testing different template types as internal systems may handle emails with attachments and login forms differently than emails with links alone.