How to: launch an email phishing simulation

The RESPONSUM Email Phishing Module enables you to simulate a real-world email phishing attack. It provides you all the tools you need to create a custom campaign in an easy and intuitive way in only 6 steps:

Step 1

1. Navigate to Awareness > Phishing.
2. Click ‘Create new campaign’.
3. Click ‘Email Phishing’.

Step 2

Create an email scenario

• Click on ‘Create new scenario’ or hover over the right upper corner of a template scenario and select the pencil when clicking on the three dots to edit an existing one.
• Provide the scenario a name by filling out the ‘Name’ field.
• Create a sender email address by filling out the ‘From’ field.
• Create a subject line by filling out the ‘Subject’ field.
• Choose the type of email phishing campaign by selecting it from the ‘Type’ list.
  • EmailMalwareDrop will ensure the employee who clicks will immediately go to the training page.
  • EmailDataCapture will ensure the employee who clicks will go to a landing page where he/she will be asked to enter data, before going to the training page.
• Select the language from the ‘Language’ list.
• Add scenario content by typing in the text field or by changing the ‘<>Source’ to HTML and editing the code.
• Be sure to add the bottom of the message add the {{.Tracker}} tag. This will allow RESPONSUM to know when an employee has opened the email. If this tag is not set, both “Email opened” and “Link clicked” parameters will show the same results.
• Click ‘Save message’.
• When EmailDataCapture is selected, the next step is to Create/Edit the landing page. When EmailMalwareDrop is selected, the next step is to Create/Edit the training page.

Step 3

Create a landing page scenario

• Click on ‘Create new landing page’ or hover over the right upper corner of a template scenario and select the pencil when clicking on the three dots to edit an existing one.
• Provide the landing page a name by filling out the ‘Name’ field.
• Select the language from the ‘Language’ list.
• Add landing page content by typing in the text field or by changing the ‘<>Source’ to HTML and editing the code.
• Click ‘Save message’.

Step 4

Create a training page scenario

• Click on ‘Create new training page’ or hover over the right upper corner of a template scenario and select the pencil when clicking on the three dots to edit an existing one.
• Provide the training page a name by filling out the ‘Name’ field.
• Select the language from the ‘Language’ list.
• Add training page content by typing in the text field or by changing the ‘<>Source’ to HTML and editing the code.
• Click ‘Save message’.

Step 5

1. When the scenario, (landing page) and training page are selected, click ‘Next’.
2. Choose a URL that fit with the campaign. Set a subdomain, by filling out the “Subdomain” field. Select a domain from the list.
3. Click ‘Next’.

Step 6

1. Download the guide that contains the whitelisting information you will need for successfully carrying out the phishing campaign. See whitelisting to learn how to perform the whitelisting.
2. To ensure the email reaches your inbox correctly, provide up to 5 test email addresses in the test field.
3. Click ‘Launch test’.
4. When the test is ok, click the check mark. When you want to run another test, click on the refresh sign. Test until the simulation looks ok.
5. Click ‘next’.

Step 7

1. Choose the target employees, by filtering on group, department or another item.
2. Tick the upper checkbox to select all the listed employees or select individual employees by ticking the checkbox next to the employee(s).
3. Click ‘Next’.

Step 8

1. Select a Launch Date and Time.  Click on the agenda sign and select a date. Click on the clock to select a time. Click ‘Select now’. Click ‘Save’.
2. Click ‘Launch’.
3. You have now scheduled an email phishing simulation for launch! Emails will be sent out on the selected date and time. Results will be visible in the dashboard.