CybSafe gives you the ability to create phishing campaigns that target specific groups of people.
Managing campaigns
To manage your campaigns and settings, navigate to PHISH in the left hand Admin menu.
On this page you can:
Create a new phishing campaign
Create a test campaign
Manage your campaigns
On the campaigns page you will see all phishing campaigns that are currently 'active'.
To see any past simulations that have ended or been deactivated, select the 'deactivated' toggle in the top right.
On the campaign page you can also archive/un-archive a campaign, edit an existing campaign or create a new one.
Creating a new campaign
Head to the PHISH pages to create a campaign.
On the campaign page, click on Create+.
From here you simply need to configure your campaign with 5 simple steps.
Step 1 - Campaign name
Simply give your campaign a name that is recognisable for your reporting and relevant to what the campaign is. This name will show in our reporting but is not visible to your end users.
Once named, click on Next to move to the next step.
You can also open our Phishing science page to give you more context on our methodologies and your approach.
Step 2 - Audience
You can filter your audience down to target specific individuals within the business.
By default, campaigns are set to include everyone, this will clearly be indicated in the 'Estimated audience' banner under the audience filters.
Select the relevant filter and then click on Next to set the schedule for the campaign.
Should you filter down the audience the 'Estimated audience' will indicate how many users will be included in this campaign. This audience estimate will fluctuate as users meet the criteria or no longer qualify.
Here we are targeting on single group within the business.
You can add more than one filter, if you be sure to indicate if users must meet all filter criteria or any filter criteria. This is the same as using 'and' 'or' statements in other tools.
Available filters
We have the following audience filters available in CybSafe.
Security hero score - filter by users with a specific score.
Behaviour score - filter by users with a specific score.
Groups - filet by users according to their group membership.
Learning progress % - filter users based on their overall learning progress %.
Email - filter users by their email address.
Completed goals - filter users by goal completion.
Goal progress % - filter users based on their overall goal progress %.
Last login - filter users by their login date.
Completed modules - filter users by which modules they have completed.
Pending refresher test - filter users who have an outstanding refresher test.
Phishing medium/high risk behaviour events (%) - filter users by their % of phishing events.
Phishing reported % - filter users by the % of simulations they have reported.
Confidence - filter users by their confidence score.
Security hero rank - filter users on their security heroes rank.
Event history - filter users based on whether an event has occurred on the CybSafe platform.
There are many events to use either from user actions taken on the CybSafe platform or from a 3rd party behaviour integration.
User selection - filter specific individual users to be targeted.
User added to CybSafe - filter users by the data they were added to the CybSafe platform.
Step 3 - Schedule
There are a few options on how you can set your phishing campaign to be scheduled.
⚠️We recommend reading our article about how our Phishing scheduler works.
This may change how you configure your campaign.
CybSafe typically schedules phishing emails each week, this frequency can be adjusted. Which day the scheduling happens depends on the campaign start date.
If a new person is added to your organisation or to a group that is included in a phishing campaign, they will only start receiving emails when the scheduler next runs.
Emails are sent in line with the users timezone at random intervals, and not evenly spaced apart.
For example if you set a campaign to have seven emails every week, this will not mean that a user is sent one email per day. It is rare, but not impossible, to receive more than one phishing email per day, or to receive none.
Start date - Sets the date simulations will start to be delivered.
Campaign end - two options to choose;
Never (continuous) will run until the campaign is manually ended.
Custom will have an end date and stop automatically.
Operating hours - Select the hours of the day you would like our simulations to be delivered to your users in their timezone if set on the platform.
Frequency - Select the number of emails each user will receive in the time period in weeks.
Adjusting the weeks value will determine how often the phishing scheduler will run.
Be sure to have enough templates so you limit repeating any during a continuous campaign.
If the campaign has a custom end date running the campaign for a certain number of weeks, you may need to adjust the weeks figure to match to ensure you achieve the required result.
Once you are happy with your schedule setup click on Next to select your content.
Step 4 - content
On this page you have a choice on using our entire library or selecting specific templates to send to your users.
Use fire & forget templates - will use the entire library as well as any custom templates that are set to fire & forget. As the library grows these new templates will be included.
Selected specific templates - allows you to target users with a specific template(s). Use this option to run a specific phishing initiative.
You can filter this page to narrow down your choices.
If you change your mind you can choose to use the fire and forget templates at the bottom of the table.
Click Next at the bottom of the page to move onto our final step.
Step 5 - Review
The final configuration page gives you the option to review all settings.
Read through the campaign and ensure you are happy with your settings.
You do have the option to save as a draft, you can then revisit the configuration at another point to finalise it before activating.
To find this campaign navigate to your deactivated campaigns and click the three dots to either activate or edit if it needs some final tweaks.
If you are happy with your campaign you can click on Activate. 👍
Creating a test phishing campaign
CybSafe also allows you to test phishing emails deliverability and behaviour by creating a test campaign.
These campaigns will send out a defined number of emails (up to 10) to the administrator that creates the campaign. These phishing emails will have the same behaviour as emails in regular campaigns, and are useful to check allowlisting.
To create a test campaign select "Create test campaign" in the campaigns page.
The configuration page is the same as a normal campaign but it does not have the audience filters as it only sends tot he admin configuring the test campaign.
Name the campaign by default we have added 'Test...' already.
On the 'schedule' page you can select how many emails you wish to receive.
On the 'content' page, you can either random templates from our 'Fire & forget' templates or 'select specific templates'.
We recommend choosing more templates than the number of emails you scheduled to avoid receiving the same ones.
Final page you can review your setup, save it as a draft or Activate it immediately.
After the emails have been sent out you can interact with them and observe their results as you would any other phishing email.
⚠️When you have completed interacting with your test phishing campaign remember to archive the campaign in the campaign page.
Test phishing campaign events will be included in reports if not archived.
Deactivating & archiving phishing campaigns
You can do this on the Phishing campaigns page, by selecting the 3 dots on the campaign and selecting 'deactivate' or 'archive as shown below.
A 'deactivated' campaign has been stopped, but is still visible in phishing reports.
An 'archived' campaign is 'deactivated' and will be excluded from your phishing reports.
Please note: You can only archive a campaign once it has been deactivated.
