Skip to main content

CybSafe PHISH and where to start.

All you need to know about CybSafe's simulated phishing feature

Ben Robinson avatar
Written by Ben Robinson
Updated yesterday

At CybSafe, we take an intelligent approach to phishing simulations.
CybSafe simulated attacks use algorithms to serve automated, but personalised phishing to understand strengths/weaknesses for every person in an organisation.

Core concepts of PHISH

  • Phishing campaign: a bespoke campaigns that deliver phishing simulations to your people on a set schedule.

  • Template: content for emails, landing and intervention pages that is dynamically populated with user specific data and tracking when the simulation is sent.

  • Simulation: the combination of email and landing page used to simulate a phishing attack and educate users when they perform high risk behaviours.

  • Phishing email: the simulated phishing content sent to the user’s inbox with a link through to the assigned landing page.

  • Landing page: the web page that tests for high risk behaviour, like submitting account detail.

  • Intervention page: the web page explaining that the user has fallen for a simulated phishing attack and how to improve next time.

  • Phishing emails library: collection of simulation templates available.

  • Customisation: modifying an existing template or creating your own from scratch.

  • Fire & forget: a template setting that adds or removes templates from a large pool that the scheduler can randomly select from.

What can you do with CybSafe PHISH?

Technical setup

The first steps are technical;

  • Configuring allowlisting in all of your tools that intercept or route incoming emails.

  • Configuring your report phishing button integration with an existing solution or native button.

Allowlisting

If our emails do not reach your end users untouched they will not be able to interact with the simulations and provide you valuable HRM data and reporting.

Our allowlisting approach is simple, any tool that intercepts incoming emails and interferes with the delivery will need the CybSafe IP addresses added to a safe sender list or as an exception.
This will include tools such as antivirus or defender that may check for malicious links. Without us being added as an exception we will report on false clicks made by your tools.
Dont forget to add us as an exception (or not) to any policies that could interfere with emails. i.e a policy adding a banner for external emails should be left alone as our phishing simulations are an external email.

Report phishing button integration

CybSafe does not have our own phishing integration button, we utilise existing tooling or processes to ensure that our simulation emails are reported back to CybSafe. Usually with a simple mail flow rule or Google/ MS 365 integration.

Navigating Phish and configuration

Some handy tips on where to find our PHIHS feature configuration pages and what they do. Head to PHISH to get started.

Phishing campaigns

The first page within PHISH is our Phishing campaigns table.

Read more on creating phishing campaigns.

Here you can;

  • Create a test campaign.

  • Create a new campaign to your entire organisation or a targeted group.

  • View your active and deactivated campaigns in the table.

    • By clicking on the three dots to the right hand side you can;

      • View details on any existing campaigns.

      • View your report for that campaign.

      • Edit the campaign if it is still active.

      • Deactivate any active campaigns.

      • Archive any campaigns to remove it from your reporting statistics. useful for test campaigns.

Phishing emails library

This is where you can manage all available templates for your organisation, head to the Phishing emails library to get started.

Here you can;

  • View and manage all of our simulation templates.

    • Clicking the three dots to the right of any CybSafe created template will allow you to preview the template or duplicate it so you can edit if required.

  • You can search for a specific template by clicking on the 🔎 icon.

  • Expanding any row will give you more information on the template itself, such as available languages and the attack techniques.

  • You can also create your own templates by clicking on the Create button.
    Read more here on creating custom simulation templates.

    • Once you create your own simulation templates you will have additional options when clicking the three dots to the right hand side.

      • Edit your custom template.

      • Preview your custom template.

      • Duplicate your custom template.

      • Delete your custom template.

    • You can also add your custom template to our fire and forget library for use in any existing campaign using all available templates.

  • Clicking on the filter icon top right corner will open up our filtering options to narrow down your view of templates.

Phishing landing pages

Once a user clicks a link within a phishing simulation they will be directed to a landing page. Think of landing pages as a fake page that is trying to encourage the user to perform a high risk event such as entering data/credentials or downloading a file.

This page is very similar to the emails library, here you can;

  • View and manage all landing pages.

    • Clicking the three dots to the right of any CybSafe created landing page will allow you to preview the page or duplicate it so you can edit if required.

  • You can search for a specific landing page by clicking on the 🔎 icon.

  • You can also create your own landing page by clicking on the Create button.
    Read more here on creating custom landing pages. Please note, custom landing page creation is only available in HTML.

  • Once you create your own landing page you will have additional options when clicking the three dots to the right hand side.

    • Edit your custom landing page.

    • Preview your custom landing page.

    • Duplicate your custom landing page.

    • Delete your custom landing page.

  • Clicking on the filter icon top right corner will open up our filtering options to narrow down your view of templates.

Intervention pages

Once a user performs a high risk event within a landing page they will be presented with our intervention page. This is a page designed to help the user understand what has just happened and to be able to learn from the experience.
It is only possible to have one intervention page active at any given time. This page will be used across all active phishing campaigns.

On our intervention page you can;

  • View and manage all intervention pages.

    • Clicking the three dots to the right of any CybSafe created intervention page will allow you to preview the page. If this intervention is currently not set to Active, then you will also have the option to activate it.

  • You can also create your own intervention page by clicking on the Create button.
    Read more here on creating custom intervention page. Please note, custom intervention page creation is only available in HTML.

  • Once you create your own intervention page you will have additional options when clicking the three dots to the right hand side.

    • Edit your custom intervention page.

    • Preview your custom intervention page.

    • Select your custom intervention page to make this the active version.

    • Archive your custom intervention page.

Additional resources

Related Articles
Phishing logs and statuses
Report phishing integration with CybSafe
Explainer: Creating custom phishing templates
Phishing landing pages
Tutorial: The CybSafe way to PHISH
Did this answer your question?