SecurityIQ, AwareEd, and PhishSim User’s Manual, Pt. 5: PhishSim - Phishing Simulator

October 16, 2016 by Infosec


Objectives

Once you have completed this section, you will be able to:

  • Identify the core components of PhishSim Campaigns and how they work together
  • Preview educational modules which can be used in PhishSim campaigns
  • View, create, and modify Data Entry Templates
  • View, create, and edit Education Pages
  • View, create, and modify Email Templates
  • View, create, and modify Batteries
  • Create and manage PhishSim Campaigns
  • Install and use the PhishSim plugin to report PhishSim emails
  • View and manage the PhishSim Quarantine
  • Create and run PhishSim reports

Overview

PhishSim is a phishing training and simulation tool that provides realistic phishing tests, custom phishing email templates, and automatic education for members of your organization.

Using existing templates, a PhishSim campaign can be created and launched in just a few minutes. While we will be covering topics such as creating custom Data Entry Templates and Email Templates, SecurityIQ provides many pre-configured templates that can be used immediately. We will cover these topics for the benefit of those who wish to create or modify content.

PhishSim Core Components

There are four primary components that come together to form a PhishSim campaign. Before we explore each in-depth, we will briefly explain what each is and how they fit into a campaign.

Education

When a learner demonstrates a risky behavior (i.e. clicking the link in a Phishing email), PhishSim has the ability to turn that risky action into a teachable moment through the presentation of different types of training material. PhishSim education can be delivered using our interactive video tutorials as well as static content web pages that can be used to quickly convey information.

Data Entry Templates

In a data entry attack, a phishing victim enters data into a legitimate-looking but ultimately malicious website. The SecurityIQ Data Entry Templates are mockups of login forms and websites that can be displayed to a learner and that ask them to enter data of some kind.

Email Templates

Emails sent to learners are based on templates within SecurityIQ. These templates define how the email will look, who the email appears to come from, and details regarding the type of attack the email is intended to simulate.

Battery

A battery is simply a collection of multiple email templates that you can send to learners during a PhishSim campaign.

Campaigns

A campaign is a collection of batteries that are assigned to be delivered to one or more groups of learners over a defined amount of time.

Quarantine

When a learner identifies a possible malicious or phishing email in their email client, the SecurityIQ PhishSim plugin for Outlook, Outlook 365, and Gmail allows the user to quickly flag and report the email to system administrators. The quarantine area is where the administrator can review and manage these submissions.


Whitelisting

IMPORTANT – In order to ensure that PhishSim emails are successfully delivered to your servers, you must whitelist the following IP address ranges and domains within your server and any other filtering software.

 

 

For a list of the IP addresses and domains, please visit your Account Settings page under the Email Stack within SecurityIQ.

Note: Emails can come from multiple domains. The list of domains depends on the domains that are chosen while creating PhishSim campaigns.

 

Whitelisting Instructions for Clients and Servers

Whitelisting is a critical step in ensuring the delivery of SecurityIQ email to your users, especially those enrolled in PhishSim campaigns.

If you are using a system which is not listed below, please send an email to customer-support@infosecinstitute.com containing the client or email server/gateway name, version, and its primary website. We will work to keep this list updated based on customer feedback.

 

EMAIL CLIENTS

Listed below are the steps needed to manage whitelists and approved senders for a number of different email clients.

Gmail

  1. Open an email from the sender that you want to whitelist.
  2. Click on the little down-pointing-triangle-arrow next to “reply.”
  3. Click Add [user@to-be-added.com] to contacts list to finish.

Microsoft Outlook 2003

  1. Open the email message from the sender you want to add to your address book.
  2. Right-click Click here to download images in the gray bar at the top of the message.
  3. Click Add Sender to Senders Safe List to finish.

Microsoft Outlook 2007

  1. Right-click on the email you received (in the list of emails).
  2. Click Junk E-mail.
  3. Click Add Sender to Safe Senders List to finish.

Microsoft Outlook 2010

  1. Click the Home tab.
  2. Click Junk.
  3. Click Junk E-mail Options.
  4. Click Safe Senders.
  5. Click Add.
  6. Enter [user@to-be-added.com] and additional information if you wish.
  7. Click OK to finish.

Microsoft Outlook 2013

  1. Click the Home tab.
  2. Click Junk.
  3. Click Junk E-mail Options.
  4. Click Safe Senders.
  5. Click Add.
  6. Enter [user@to-be-added.com] and additional information if you wish.
  7. Click OK to finish.

iOS Devices – iPad, iPhone, iPod Touch

  1. On any message, tap the sender and add to either a new contact or an existing contact.

Android Devices – Samsung, Google Nexus, others

  1. In the default email client, touch the picture of the sender.
  2. Click OK to add to contacts.

AOL Mail

  1. Click Contacts in the right toolbar.
  2. Click Add Contact.
  3. Enter [user@to-be-added.com] and additional information if you wish.
  4. Click Add Contact button in the popup to finish.

Comcast

  1. Click Preferences from the menu.
  2. Click Restrict Incoming Email.
  3. Click Yes to Enable Email Controls.
  4. Click Allow email from addresses listed below.
  5. Enter [user@to-be-added.com] you want to whitelist.
  6. Click Add.
  7. Click Update to finish.

Earthlink

  1. Click Address Book.
  2. Click Add Contact.
  3. Save user@to-be-added.com as a contact.
  4. Click save.

Apple Mail

  1. Click [user@to-be-added.com] in the header of the message you’re viewing.
  2. Click Add to finish.

NetZero

  1. Click the Address Book tab on the top menu bar.
  2. Click Contacts.
  3. Click Add Contact.
  4. Enter [user@to-be-added.com] and additional information if you wish.
  5. Click Save to finish.

Yahoo! Mail

  1. Open the email message from the sender you want to add to your address book.
  2. Click Add to contacts next to [user@to-be-added.com].
  3. On the Add Contact popup, add additional information if needed.
  4. Click Save to finish.

Windows Live Hotmail

  1. Open an email from the sender that you want to whitelist.
  2. Click Add to contacts next to [user@to-be-added.com] to finish.

Mac Mail

  1. Click Address Book.
  2. Click File.
  3. Click New Card.
  4. Enter [user@to-be-added.com] and additional information if you wish.
  5. Click Edit to finish.

Mozilla Thunderbird for PC

  1. Click Address Book.
  2. Make sure Personal Address Book is highlighted.
  3. Click New Card. This will launch a New Card window that has 3 tabs: Contact, Address & Other.
  4. Under Contact, enter [user@to-be-added.com] and additional information if you wish.
  5. Click OK to finish.

Mozilla Thunderbird for Mac

  1. Click Address Book.
  2. Make sure Personal Address Book is highlighted.
  3. Click New Card. This will launch a New Card window that has 3 tabs: Contact, Address & Other.
  4. Under Contact, enter [user@to-be-added.com] and additional information if you wish.
  5. Click OK to finish.

EMAIL SERVERS

The following links reference instructions on managing whitelist rules and settings for a number of different email servers and gateways.

 

EMAIL GATEWAYS

Education

When a learner demonstrates a risky behavior (i.e. clicking the link in a Phishing email), PhishSim has the ability to turn that risky action into a teachable moment through the presentation of different types of training material. PhishSim education can be delivered using our interactive video tutorials as well as static content web pages that can be used to quickly convey information.

The education that your learners receive is selected when creating or editing your email template. The Default Education can be changed in your SecurityIQ Account Settings. Your SecurityIQ platform comes built in with numerous Educations. Take note of the interactive modules:

  1. Phishing
  2. Ransomware
  3. Spear Phishing
  4. Suspicious Hosts

To get started, navigate to Education under PhishSim in your SecurityIQ platform. From here you can browse the Educations provided with your SecurityIQ platform. You can also create, clone, and delete Educations. You can search for Educations using the search icon and navigate the list using the arrow icons.

 

Previewing an Education

  1. Hover over the education you wish to preview and click the preview icon.

 

Education Editor

  1. Click the New Education button
  2. Select External URL or Custom Education Page.
  3. Name your Education.
  4. If you selected External URL, enter the desired URL and click the Save button.
  5. If you selected Custom Education Page, edit your Education using the built-in editor. Notice that under tools you can select the Source code tool. This tool will allow you to edit existing or paste new HTML.
  6. You can customize your Education using variables. Variables will pull the related data from your SecurityIQ platform on a per-learner basis. For example, if you use the {{learner_first}} variable, the Education will be customized with the first name of the learner it was sent to. For further information, see: https://securityiq.infosecinstitute.com/Documentation/phishedLandingPage
  7. Select any built-in assets that you wish to include in your custom education. Note: If you choose an education asset you must use the variable {{education_asset}}. This variable also controls where the asset is located within your education page.
  8. You can preview your Education by clicking the Preview in Browser button.
  9. When done click the Save button. The newly created education will be in your education list.

Cloning an Existing Education

  1. Hover over the Education that you wish to clone and click the clone icon. This will bring you to the Education Editor. After you make your edits and save, the Education will be found in your Education list.

 

Data Entry Templates

A data entry attack prompts a learner to enter and submit data into a form. If a learner did this with a real phishing attempt they could give away their credentials or other confidential information. Your SecurityIQ platform includes built-in Data Entry Templates. You can also edit existing or create your own data entry templates.

No information captured by a data entry template is collected by your SecurityIQ platform.

To start, navigate to Data Entry Templates under PhishSim.

Notice the three tabs: System, Contributed, and Personal. System templates are templates created by Infosec Institute and included with your SecurityIQ platform. Contributed templates are templates that other SecurityIQ customers have created and chosen to share. Personal templates are templates that you have created within the platform.

Under each of the above tabs, the templates are divided into categories. You can expand or contract a category by clicking the + or - icon.

You can also search for templates by clicking the search icon. 

Previewing a Data Entry Template

  1. Hover over the email template you would like to preview and click the preview icon. The preview will open a new browser tab.

Creating a Data Entry Template

  1. Click the New Template button.
  2. Name the template.
  3. Select a Domain.  You can add custom domains in the Phishy Domains section of your platform.
  4. You can customize your data entry template using variables. Variables will pull the related data from your SecurityIQ platform on a per-learner basis. For example, if you use the {{learner_first}} variable, every template will be customized with the first name of the learner it was sent to. For further information, see: https://securityiq.infosecinstitute.com/Documentation/dataEntrySites
  5. For a data entry template to work, it will need a form and a form submit element.
  6. You can preview the template by clicking the Preview in Browser button.
  7. When done click the Save button. You will find your saved template under the personal tab.

Cloning an Existing Data Entry Template

  1. Hover over the Data Entry Template that you would like to clone and click the clone icon. This will bring you to the Data Entry Template Editor. After you make your edits and save the template it will be found under your Personal tab.

Email Templates

Email templates are the emails that are sent out to your learners during PhishSim campaigns. There are many system and contributed templates for you to choose from. You can also create custom templates.

To start, navigate to Email Templates under PhishSim.

Notice the three tabs: System, Contributed, and Personal. System templates are templates created by Infosec Institute and included with your SecurityIQ platform. Contributed templates are templates that other SecurityIQ customers have created and chosen to share. Personal templates are templates that you have created within the platform.

Under each of the above tabs, the templates are divided into categories. You can expand or contract a category by clicking the + or - icon.

You can also search for templates by clicking the search icon.

Attack Types

Drive By – The purpose of a drive-by attack is simply to get a learner to click on a link contained in the email. Once they have done this, they will be directed to a web page which contains the training content you have defined in the template.

Attachment – When an attachment attack is conducted, PhishSim will include a file attachment with the email. When a learner opens the attachment, a macro is executed within the document which notifies the SecurityIQ platform that the user has opened the file. You can choose from three different file types to include in the email and also provide a name for the attachment. When providing the name, you do not need to include the file extension. This will automatically be added when the email is sent, based on the type of file being included. The three file types which can currently be attached are Microsoft Word, Excel, and PowerPoint.


Data Entry – Many breaches that occur are the result of a data entry attack in which a user is taken to a web page designed to look like a legitimate site such as Google. The user is then prompted to enter a username, password, or other information. In a real-world scenario, this data would be collected and used to gain access to the user’s account. In PhishSim, we present the learner with a fake login page and then simply register whether or not they entered any data in the form and submitted it. None of the entered data is collected or stored.


When the Data Entry attack type is selected, an additional configuration field is displayed in which you can select the Data Entry Page to be displayed when the learner clicks the link in their email.

 

Previewing an Email Template

  1. Hover over the email template you would like to preview and click the preview icon. The preview will open a new browser tab.

Creating an Email Template

  IMPORTANT – If an Email Template is created from external source code, SecurityIQ will automatically sanitize any links that may be included in the source code and redirect them back to a PhishSim landing page. This ensures that emails received by learners will not direct them to a malicious site.

 

 

  1. Click the New Template button.
  2. Name the template.
  3. Select the From Email by clicking the gear icon. You can add custom domains in the Phishy Domains section of your platform.
  4. Enter a From Name.
  5. Enter an Email Subject.
  6. Select the Category that best fits your template.
  7. Select the type of attack your template will use.
  8. Select the education your learners will receive after getting phished. After selecting the education you can preview it by clicking the Preview Education button.
  9. Edit your email using the built-in editor. Notice that under tools you can select the Source code tool. This tool will allow you to edit existing or paste new HTML. This can be useful to copy emails that you have seen in the wild. Any links in your HTML source code will automatically be sanitized and redirected back to a SecurityIQ landing page.
  10. You can customize your email body, from name, and subject using variables. Variables will pull the related data from your SecurityIQ platform on a per-learner basis. For example, if you use the {{learner_first}} variable, every email will be customized with the first name of the learner it was sent to. Notice that the {{footer}} variable is required. For further information, see: https://securityiq.infosecinstitute.com/Documentation/phishingTemplates
  11. You can preview the template by clicking the Preview in Browser or Email Preview to Me button. Note that while previewing, the email footer will show even if it is suppressed in your SecurityIQ Settings. If you selected to suppress the footer, it will be suppressed during a PhishSim campaign.
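
The link rewriting and the required {{footer}} variable described in steps 9 and 10 can be checked on pasted HTML before it is saved as a template. The following is an added example, not SecurityIQ's own code: the landing URL, function names, and sample HTML are constructed, and the platform's sanitizer may behave differently.

```python
import html
import re
from html.parser import HTMLParser

# Constructed placeholder; the real landing page address is assigned by the platform.
LANDING_URL = "https://landing.example.test/phishsim"
# Attributes treated as "links" in this sketch (an assumption).
LINK_ATTRS = {("a", "href"), ("area", "href")}
VARIABLE = re.compile(r"\{\{\s*([a-z_]+)\s*\}\}")


class LinkSanitizer(HTMLParser):
    """Re-emit HTML with every link target replaced by the landing URL."""

    def __init__(self, landing_url):
        # Keep character references as written so text passes through unchanged.
        super().__init__(convert_charrefs=False)
        self.landing_url = landing_url
        self.out = []
        self.rewritten = []  # original targets, kept for the reviewer

    def _tag(self, tag, attrs, closing=""):
        parts = [tag]
        for name, value in attrs:
            if (tag, name) in LINK_ATTRS and value is not None:
                self.rewritten.append(value)
                value = self.landing_url
            if value is None:
                parts.append(name)
            else:
                # The parser hands attribute values over unescaped; escape again.
                parts.append(f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + closing + ">")

    def handle_starttag(self, tag, attrs):
        self._tag(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._tag(tag, attrs, " /")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def sanitize_links(source_html, landing_url=LANDING_URL):
    """Return (sanitized_html, list_of_original_link_targets)."""
    parser = LinkSanitizer(landing_url)
    parser.feed(source_html)
    parser.close()
    return "".join(parser.out), parser.rewritten


def missing_required(template, required=("footer",)):
    """List required variables that the template does not use."""
    used = set(VARIABLE.findall(template))
    return [name for name in required if name not in used]


def render(template, learner):
    """Fill variables per learner, HTML-escaping the values.

    Variables with no value for this learner are left visible so that a
    reviewer notices them in the preview.
    """
    def fill(match):
        name = match.group(1)
        if name in learner:
            return html.escape(str(learner[name]))
        return match.group(0)
    return VARIABLE.sub(fill, template)


# Constructed sample of HTML pasted into the Source code tool.
PASTED_HTML = (
    "<p>Hello {{learner_first}},</p>\n"
    '<p>Please <a href="http://198.51.100.20/portal?id=7&amp;r=1" '
    'target="_blank">review your account</a> today.</p>\n'
    "<p>Terms &amp; Conditions apply.</p>\n"
)

if __name__ == "__main__":
    clean, originals = sanitize_links(PASTED_HTML)
    print("Rewritten link targets:", originals)
    print("Missing required variables:", missing_required(clean))
    print(render(clean + "{{footer}}", {"learner_first": "Ana"}))
```

Running the sanitizer a second time over its own output is a quick audit: every reported target should already be the landing URL.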

 

Creating a Template with Phish Indicators

 

Phish Indicators are another way to educate your learners after they have been phished. A phished learner will see the email they received overlaid with indicators. These indicators can be used to point out things that your learners should watch for to avoid phishing.

  1. Create a new Education for the Phish Indicators.
  2. Under the PhishSim menu navigate to Education and click the New Education button.
  3. On the left-hand side select the “Phishing Indicators” Option.
  4. The “{{education_asset}}” variable will display the email template and indicators that you will create in later steps.
  5. Add any additional education that you want to be displayed with your Indicators.
  6. If you already have templates with Indicators you can preview how the education will work by clicking the Preview in Browser button.
  7. Once satisfied with the education name it and click the Save button.
  8. Navigate back to the Email Templates section of your SecurityIQ platform.
  9. Select the template that you want to add Indicators to and click the edit icon. Alternatively, you can create a new template.
  10. Notice the hooks circled in the below image. By clicking these hooks you can add an indicator. The hooks next to the from email, from name and email subject allow you to add an indicator to these fields.
  11. You can add indicators to the email body by highlighting the area where you want to add an indicator and pressing the hook in the editor's menu.
  12. Select the Phish Indicators education that you made in the previous steps.
  13. Preview the template to confirm that the template and indicators are correct.
  14. Save the template.
  15. The Indicators will be displayed to a learner as an education after they have been phished.

Cloning an Existing Email Template

  1. Hover over the Email Template that you would like to clone and click the clone icon. This will bring you to the Email Template Editor. After you make your edits and save the template it will be found under your Personal tab.

 

Batteries

Batteries are collections of email templates that are used to charge your PhishSim campaign. There are several default batteries included with your SecurityIQ platform. To view and create new templates, navigate to Batteries under PhishSim.

Notice that you can navigate the Batteries list by using the arrow icons. You can also search for batteries by clicking the search icon.

Previewing Default Batteries

  1. Hover over the battery that you want to preview and click the preview icon.
  2. From here you can see the templates in the campaign. You can preview the templates by clicking the preview icon next to the template that you wish to preview.

Creating a New Battery

  1. Click the New Battery button.
  2. Specifically name your Battery.
  3. Click the Add Templates button.
  4. Select the templates that you would like to add.
    • Notice the three tabs: System, Contributed, and Personal. System templates are templates created by Infosec Institute and included. Contributed templates are templates that other SecurityIQ customers have created and chosen to share. Personal templates are templates that you have created within the platform.
    • There is also a drop-down menu that organizes templates into categories and a search bar to help you find templates quickly.

Cloning Batteries

  You can clone an existing battery within SecurityIQ. This allows you to add and remove templates in the cloned battery and change the name of the battery if needed.

  1. Hover over the battery that you wish to clone.
  2. Click the Clone icon.

Editing Batteries

Note: You cannot edit the default batteries included with our SecurityIQ platform.

  1. Hover over the battery you wish to edit and click the edit icon. You will now be able to add or remove templates and rename it.

Deleting Batteries

  1. Hover over the battery that you wish to delete and click the delete icon.
  2. Click the Delete button.

Phishy Domains


Phishy Domains allows you to pick custom domains and subdomains for your phishing emails and educational landing pages. You provide your custom domain to SecurityIQ through the Phishy Domains feature. SecurityIQ will then automatically check if the domain is available. If available, SecurityIQ will automatically register it and email you when it is ready to use.

The Basics

  1. To get started, navigate to the Phishy Domains section of your SecurityIQ platform.
  2. Here you will see a list of domains. When a domain is configured as “Public” all SecurityIQ customers can use it. A domain listed as “Private” can only be used by you.
  3. Hovering your mouse over a domain will make the setting icon appear.

To add a subdomain, click the icon and follow the prompts. After you add a subdomain, the SecurityIQ team will have to approve it before it is available to use.

Registering a Custom Domain

  1. On the right side of the screen, you will notice the Domain Counter and Register Domain Button. The domain counter displays how many custom domains you have available to register.
  2. To register a custom domain click the Register Domains Button.
  3. Enter the custom domain you wish to register and click the Check Domain button.
  4. If your domain is available you will be prompted to register it. Before registering it select if you want the domain to be public (available to all SecurityIQ customers) or private (available only to you).
  5. Click the register button. When your domain is ready you will receive an email from SecurityIQ letting you know.
  6. When your custom domain is approved, you will be able to select it when creating PhishSim email and data entry templates.

PhishSim Campaigns

PhishSim Campaigns are where you schedule the phishing emails sent from SecurityIQ. You can control who receives the emails, the specific emails that are sent and how the campaign will behave. You can also save draft campaigns for use at a later time.  

  1. Navigate to Campaigns under PhishSim in your SecurityIQ platform.
  2. Click New Campaign.
  3. Name your campaign.
  4. At any time after naming your campaign you can save a draft. Your progress will be saved and the campaign will appear on your campaign page under the Draft Campaign section.
  5. Select our branding.
  6. Select Real Learners.
    • Selecting Practice With Learner “Bots” will allow you to run a simulated campaign. This can help you test other features such as Reporting and Analytics.
  7. Select the groups and individual learners you want in your campaign.
  8. Select the Batteries or template categories you want to be included in your campaign.
  9. Select the notification you want your learners to receive after being phished.
  10. Optionally, select a group you would like to add phished learners to.
  11. Your SecurityIQ platform can track when a learner replies to simulated phishing messages. If you click the advanced tab, you can also have the platform look for a predefined string in the reply. You can also define your own custom string. If you wish, you can have your SecurityIQ platform save the replies for up to 14 days.
  12. After the campaign is started, you can check the campaign details to see if a learner replied. Click the Email Status for more details.
  13. Select Send Phishing Attacks Over Time or Send Phishing Attacks at One Time.

 

Send Phishing Attacks Over Time

  1. You may set the campaign to repeat weekly, monthly or quarterly.
  2. Select the date you want your campaign to start.
  3. Select the length of days you want your campaign to run.
    • Note: The emails in the batteries selected in your previous step will be sent randomly to learners. If you select a condensed time frame the emails will be sent rapidly and close together.

  4.  Select how many times you want the campaign to repeat.
    • Note: Selecting 0 will run the campaign 1 time.
  5. Select if you want your learners to receive a training reminder.
  6. Click Save And Schedule Campaign to run the campaign or Save Draft Campaign to save it as a draft.

 

Send Phishing Attacks at One Time
This option will send out the emails in your selected batteries to all the selected learners at one time.

  1. Select the date you want the emails to send.
    • Note: Selecting a date in the past will send the emails immediately.

  2. Select the time you want the emails to send.
    • Note: This time is based on your time zone, not your learners', if you happen to be in different time zones.
  3. Select if you want your learners to receive a training reminder.

Navigating Your Campaigns

The PhishSim Campaign section of your SecurityIQ platform will list all running, stopped, completed, and saved draft campaigns. By hovering your mouse over a campaign, you can see options for cloning, stopping, and deleting campaigns. You can also add or remove learners and see campaign details.

 

Cloning a Campaign

  1. Hover over the campaign that you would like to clone with your mouse.
  2. Click the Clone icon.
  3. The cloned campaign will appear in your campaign list. Click the Start icon and select how you want the cloned campaign to be scheduled.
  4. Click the Start button.

Stopping a Campaign

  1. Hover over the campaign you want to stop with your mouse and click the stop icon.
  2. This stops the current and any future runs of this campaign.
  3. To restart the campaign hover over it and click the start icon.

 

Deleting a Campaign

Deleting a campaign will also delete all the data associated with this campaign.
  1. Hover over the campaign you wish to delete and click the delete icon.
  2. Click the Yes button.

      IMPORTANT – Deleting a campaign will also delete all associated history for the campaign and its associated learners. If you wish to retain data and results from a campaign, you must run a report for the campaign and export the information prior to deleting it from the system. You cannot undo a deletion, so be sure to export any needed information before doing so.

Adding/Removing Individual Learners to a Campaign

  1. Hover over the campaign that you wish to add learners to or remove learners from and click the Add Learner or Remove Learner icon.
  2. Select Individual Learners.
  3. Select learners in the Available Learners list by clicking them. They can be removed from the Selected Learners list by clicking them.
  4. You can search for learners using the search tool at the bottom of the Available Learners list and Selected Learners list.
  5. After you have made your selection click the Add Learners or Remove Learners button.

Adding/Removing Learners to a Campaign using Dynamic Filters

  1. Hover over the campaign that you wish to add learners to or remove learners from and click the Add Learner or Remove Learner icon.
  2. Select Add or Remove Learners via Dynamic Filters.
  3. Select the Filter Relationship. This relationship controls how multiple filters work together. Selecting “And” means that all filters selected will have to be true before a learner is selected. Selecting “Or” means that if any of the filters are true the learner will show in the preview.
  4. Next, add at least one filter by filling out the fields and clicking the plus button.
    • More than one filter can be selected.
    • For example, if you selected the Field “Phished Count”, the Operator “Greater than or Equal to” and the Value ‘1’, only learners that have been phished at least one time will show in the preview.
  5. Click the Process Learner Preview button and confirm the results.
  6. After you have made your selection click the Add Learners or Remove Learners button.

Getting Campaign Details

In the Campaign Details, you will find information about a specific Campaign’s runs. You can also find details on a specific run.

  1. Hover over the campaign that you wish to see the details about. Click the details icon. You will find some basic information about your campaign runs.
  2. From here, you can hover over a specific run and click the chart icon. You will find information about how your email templates and learners are performing within your run.

Generating Automatic Reports

By clicking on the campaign status you can generate an automatic report for any specific campaign. After creating the report you can return to it later. It will be found under the Analytics, Auto Reports section of SecurityIQ.

 

PhishSim Plugin and Quarantine

PhishNotify Installation

The PhishNotify plugin is a powerful tool to help keep your organization safe from malicious emails. The plugin allows users to seamlessly report suspicious emails to your system administrators.

You can find the installation media and license key for the PhishNotify plugin in your SecurityIQ account settings.

System Requirements

  • Windows 7 or newer with Outlook 32-bit, 64-bit, or Outlook 365; Gmail (accessed through the Chrome web browser)
  • .NET version 4.5.2 or newer
  • Port 443 TCP (SSL/HTTPS) open on workstations so the plugin can communicate with our servers
  • Administrative rights to install software on the workstation

Plugin Behavior

It’s a good idea to configure the plugin before installation. The following settings are found in your SecurityIQ settings under “Messages and Behavior”.

  1. Upload Email Contents: Enabling this will send the email to our servers for inspection by your team.
  2. Upload Email Attachments: Enabling this will send related attachments to your SecurityIQ Quarantine.
  3. Email Actions: After a user reports an email, automatically mark it as spam, move it to trash, or do nothing.
  4. Message When Learner: Change the messages a user receives after reporting an email.
  5. If you make changes, make sure to click the Save button at the bottom of your SecurityIQ Account Settings page.

Accessing the PhishNotify Plugin and License Key

  1. Click on the gear icon to access your SecurityIQ Account Settings page.
  2. Take note of your license key and download the plugin you wish to install. 

Registry Edits for Outlook Plugin

In certain situations, Outlook may disable the PhishNotify plugin. Making the Windows registry edits below can prevent Outlook from doing this.

For more about editing Windows registry keys visit: https://support.microsoft.com/en-us/help/136393/how-to-modify-the-windows-registry

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Outlook\Resiliency\AddinList]
"SecurityIQPhishNotify" = "1"

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Resiliency\AddinList]
"SecurityIQPhishNotify" = "1"
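
One way to apply and verify the two registry values above from PowerShell, as an added example that is not part of the original manual or the vendor's tooling. The key paths, value name and data are the ones listed above; the variable names and status strings are illustrative. It must run in the context of the user whose Outlook profile is affected, since the keys live under HKEY_CURRENT_USER.

```powershell
# Added example (not vendor code). Key paths, value name and data are the
# ones printed in this manual; everything else is illustrative.
$valueName      = 'SecurityIQPhishNotify'   # value name as printed in the manual
$valueData      = '1'                       # string data as printed in the manual
$officeVersions = '15.0', '16.0'            # the two Office versions the manual lists

$results = foreach ($ver in $officeVersions) {
    $key    = "HKCU:\Software\Policies\Microsoft\Office\$ver\Outlook\Resiliency\AddinList"
    $status = 'Unchanged'
    try {
        if (-not (Test-Path -Path $key)) {
            # -Force creates any missing parent keys along the path
            New-Item -Path $key -Force -ErrorAction Stop | Out-Null
        }
        # Read the current value; $null if it has not been set yet
        $current = (Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue).$valueName
        if ($current -ne $valueData) {
            New-ItemProperty -Path $key -Name $valueName -Value $valueData `
                -PropertyType String -Force -ErrorAction Stop | Out-Null
            $status = 'Set'
        }
    }
    catch {
        # Writes under HKCU\Software\Policies are commonly denied to standard
        # users; report the failure instead of stopping at the first version.
        $status = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{ OfficeVersion = $ver; Key = $key; Status = $status }
}

$results | Format-Table -AutoSize -Wrap
```

The script is idempotent: a second run reports Unchanged for each Office version where the value is already present.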

Basic Installation for Outlook

  1. Run the installer.
  2. Enter your License Key.
  3. Restart Outlook and check the ribbon for the PhishNotify plugin.

Command Line Installation for Outlook

Run the following as administrator.

The plugin can be installed using the msiexec.exe installer. This, in combination with Group Policy, will help with a company-wide deployment.

msiexec /quiet /i PhishNotify.msi LICENSE_CODE=aaaa-aaaaa-aaaaa-aaaa

Uninstall

The plugin can be uninstalled using the original installation media or the msiexec.exe installer.

msiexec /x PhishNotify.msi

 

Group Policy installation

  1. Start by deploying to one workstation within your organization.
  2. Create a shared folder on your server (read only for Domain Computers), for example C:\deploy shared as \\server\deploy
  3. Copy PhishNotify.msi into this directory
  4. Make sure the domain computers have access to the shared folder
  5. Create a batch file called phishnotify.bat in the shared folder with the following 3 lines of code:

    copy \\server\deploy\PhishNotify.msi C:\

    msiexec /quiet /i C:\PhishNotify.msi LICENSE_CODE=aaaa-aaaaa-aaaaa-aaaa

    del C:\PhishNotify.msi

Create your GPO

  1. Open the Group Policy Management Console, create a new GPO under Computer Configuration > Startup Script.
  2. Click the Add button.
  3. Place the full path to the phishNotify.bat in the script name field. E.g. \\server\deploy\phishNotify.bat
  4. Click OK, and close Group Policy Management Console.
  5. Refresh group policy on the client by running gpupdate /force from the command prompt.
  6. Verify the installation by opening Outlook and finding the PhishNotify plugin in the ribbon.

Group Policy Uninstall

To uninstall, follow the same process of creating a GPO. Change your batch file for removal.

msiexec /quiet /x C:\PhishNotify.msi LICENSE_CODE=aaaa-aaaaa-aaaaa-aaaa

Office 365 Installation

  1. Extract the plugin to the directory of your choice.
  2. Follow the official Microsoft documentation found here: https://support.office.com/en-us/article/Deploy-Office-add-ins-in-the-Office-365-admin-center-737e8c86-be63-44d7-bf02-492fa7cd9c3f

Google Chrome Basic Installation

This plugin is designed to work with Chrome while using the Gmail web interface.

  1. In your SecurityIQ Account Settings page click Install via Google App Store.
  2. Next, click the Add To Chrome button.
  3. Next, click Add Extension.
  4. Next, enter your license key and click Check License.
  5. You should now see the PhishNotify plugin in the upper right-hand side of your Chrome window.
  6. In the Chrome Browser navigate to the Gmail account that you wish to use the plugin with. Select an email to view. The PhishNotify icon should now be red. Click the icon. Then click Authorize with Gmail. Finally, allow the plugin access so that emails can be reported. The PhishNotify plugin is now ready to use.

Installing the PhishNotify Plugin Through the Google Dashboard

The following instructions will allow you to use the Google dashboard to install the PhishNotify plugin across your organization's Google Domain. The plugin is designed to work with Chrome while accessing Gmail.

Step 1: Publishing the app

  1. Download the PhishNotify Gmail Plugin from your SecurityIQ Account Settings page.
  2. Sign into the Chrome Web Store to publish the plugin. https://chrome.google.com/webstore/developer/dashboard
  3. Click on the Add new item button and browse to select the PhishNotify.zip file.
  4. Once the upload completes, scroll down and select the category and language for the plugin.
  5. Select Private and Everyone at (your domain), then click Publish changes. This process can take up to 60 minutes before the plugin is ready.

Step 2: Force-install the app

  1. Sign into your Google Admin console
  2. From the Admin console dashboard, click on Device management > Chrome management > User settings
  3. Select the appropriate organization.
  4. Scroll down to Force-installed Apps and Extensions and click Manage force-installed apps.
  5. Select Domain Apps, click Add, then click Save.
  6. Finally, at the bottom of the Admin Console, click Save.

Quarantine

The Quarantine section of your SecurityIQ platform works in conjunction with the PhishNotify plugin. When a learner reports a suspicious email that is not associated with your SecurityIQ platform, it is placed in your quarantine. The email and associated attachments will be kept in our quarantine for 14 days.

Note: Your PhishNotify plugin can be configured in your Account Settings.

 

Viewing Quarantined Emails

  1. Navigate to the Quarantine Section of your SecurityIQ platform under PhishSim. Here you will find a list of quarantined emails.

Previewing a Quarantined Email

  1. Hover your mouse over the email you wish to preview. Click the Preview icon.
  2. From here you can view the email, view the email source code or download associated attachments.
    • Attachments can be downloaded by clicking on the attachment.
    • The source code can be viewed by clicking Show Original
    • The contents of the email can be viewed in the Email Contents section.

 

 

Deleting Quarantined Emails

  1. Hover your mouse over the email you would like to delete. Click the Delete icon.

Reports

Reporting is the way you can get data about your PhishSim and AwareED campaigns. Reports provide you with the ability to get an overview of how your learners are performing. Summary reports include a visualization tool. All reports can be downloaded as a CSV file or automatically emailed out weekly.

 

There are four types of reports:

 

  1. AwareED Campaign Summary: Reports the percentage of learners that started and completed your AwareED course.
  2. PhishSim Campaign Summary: Reports the percentage of learners that avoided, opened, phished, completed a training and opened a file in selected PhishSim Campaigns.
  3. AwareED Campaign Run Status: Provides a list of learners in selected AwareED Campaigns and each learner’s status in the course.
  4. PhishSim Campaign Run Status: Provides a list of PhishSim Campaign events along with associated dates and learners.

To get started navigate to Reports.

Creating a New Summary Report

  1. Click the New Report button.
  2. Name your Report
  3. Select Report Type (AwareED Campaign Summary or PhishSim Campaign Summary).
  4. Select the campaigns you want to be included.
  5. Select which Campaign Runs you want to be included.
  6. Select if you want data displayed in number or percentage format.
  7. You can test the report by clicking the Test in Browser button.
  8. You can send a test email by clicking the Send Test Email button.
  9. If you wish this report to be emailed once a week check the checkbox and select whom you would like to receive the report.
  10. Click the Save Report button.

    Figure: Example Summary Report

Creating a New Run Status Report

  1. Click the New Report button.
  2. Name your Report
  3. Select Report Type (AwareED Campaign Run Status or PhishSim Campaign Run Status).
  4. Select the campaigns you want to be included.

  5. Select the Learner Groups you want to be included.
  6. Select which Campaign Runs you want to be included.
  7. Select your Status Filters.
  8. Display the information you want to be displayed.
  9. You can test the report by clicking the Test in Browser button.
  10. You can send a test email by clicking the Send Test Email button.
  11. If you wish this report to be emailed once a week check the checkbox and select whom you would like to receive the report.
  12. Click the Save Report button.

    Figure: Example Run Status Report

 

 

Viewing a Report

 

  1. Hover your mouse over the report you wish to view and click the details icon.
  2. Notice that while viewing the report you have the option to download the data as a CSV file.

Cloning a Report

  1. Hover your mouse over the report you wish to view and click the clone icon.
  2. Make any changes to the report and click the Save button.

Editing a Report

 

  1. Hover your mouse over the report you wish to view and click the edit icon.
  2. Make any changes to the report and click the Save button.

Deleting a Report

  1. Hover your mouse over the report you wish to view and click the

 

 

 

 
