Description
How to setup and run a Phishing Simulation from inside the Guardz Portal.
Requirements
Access to Guardz
The Process
The Phishing Simulations are found in the "Awareness tab" on the left hand side.
To create an Awareness Phishing Simulation:
1. Create Simulation:
In the main Awareness module screen, click on "Phishing Simulation - Create."
2. Allow List:
Add the Guardz domain to the Allow List in your email provider to prevent marking this domain as Spam.
3. Simulation content:
In the 'Content' section, define the general guidelines for the Simulation: To whom the email will be sent, from who, the Industry, content type, tone, length of the email, and language.
Please note that if not all Content fields are filled out, you will no be able to proceed.
Then give your campaign a name.
Click on 'Generate,' and the AI will generate within a few seconds a personalized email template to be sent as part of the simulation using the values you've added.
You can re-generate the content until you find the version you like by clicking the "Regenerate" button.
Tip: You can set the Recipient to 'No Name' when the recipient name pulled from the main directory doesn't match the email language
4. Assign Simulation & Schedule:
Scheduling the Simulation
Set the start date and end date of the Phishing Simulation. By the end of the simulation, an issue will be created based on the results achieved during this time.
The best practice is a 5-day duration, but sometimes a day or two is enough.
If you choose a start date later than today, the Simulation will be sent between 9 AM and 10 AM on the selected date (based on your machine time).
User Selection
When you want to go ahead with sending the simulation to your users, choose the users you would like to target:
a. Users - select specific users you want to target in your campaign. You can invite additional users after the campaign goes live.
* This can be used for internal testing of the campaign as well
b. Groups - select the multiple groups you want to target. The groups are being reflected from your Google/Microsoft admin account.
Once you choose the groups, you’ll be shown the potential users to which the campaign will be assigned.
5. Preview & Launch:
The simulation email will be sent from a dedicated domain where the email alias will be customized according to the content signature.
When all looks good, click 'Assign,' and the simulation will be sent.
6. Track results:
Please be advised that it takes up to 1 hour to view the results of the Phishing Simulation
After you activate the Phishing simulation, the results can be tracked in the simulation results. You can see the primary metrics of Send rate, open rate, and click rate and which user clicked on the phishing link.
The Phishing simulation duration can be stopped anytime by clicking the 'stop campaign' button.
By the end of the campaign, the issues will open per simulation, displaying the users who failed and clicked on the link.
You can add additional users at any point to the simulation after it has been activated by clicking on 'Invite Users.'
7.User Interaction and Results:
User Status:
Pending: email has been sent to the user or when the user opened the email but didn't click.
Success: The simulation finished, and the user didn't click on the link
Clicked: The user clicked on the link in the simulation email.
Once a user clicks on the phishing email URL, they will get a message telling them it was a simulation.
8. Extracting Data:
To extract a list of users and their status, select the share icon and export to CSV or print.