Team: Huntress Managed Security Awareness Training (SAT)
Environment: Managed SAT Portal
Summary: Launching a simulated phishing campaign is easy and only takes a few minutes to complete
From the Managed SAT admin platform, go to the ‘Phishing’ tab, click Create Campaign, and follow the steps below to launch your next simulated phishing campaign.
- Step 1: Choose a Scenario
- Step 2: Choose your Audience
- Step 3: Choose a Schedule
- Step 4: Review and Launch
Step 1: Choose a Scenario
The first step in launching a phishing campaign is choosing which scenario(s) to use. Up to six scenarios will appear on each page, each presenting a brief description and an opportunity to Preview the scenario email.
You can search available templates either on a page-by-page basis or by using the Search bar on the right-hand side of the screen.
Another easy way to search the Managed SAT phishing scenario catalog is by using the dropdown on the left-center of the page. From here, you can filter results to show All, Featured, or scenarios that Offer a Landing Page.
Landing Page scenarios offer a two-step simulated phishing experience. After clicking on the simulated malicious link in the campaign email, Learners are directed to a phony webpage that prompts them to enter their user credentials for that particular service (for example, their DropBox username and password in the DropBox scenarios). After interacting with the bogus landing page, the Learner becomes "compromised" and thus fails the phishing test.
To enable the landing page, click Customize on the scenario. A thumbnail customization menu will appear on the left-hand side of the screen. From this menu, click the Landing tab and select Landing Page to enable this two-step experience for your Learners.
When you have identified the scenario you want to use — be it a click-only scenario or one offering a landing page — click the ‘Select’ button to add it to your campaign. You can add additional scenarios to your campaign by clicking the ‘Add’ button, which will appear on each scenario after the first is selected.
(Can’t find a scenario you are looking for? Contact our Support team for assistance.)
Click ‘Next’ to proceed.
Step 2: Choose your Audience
Phishing campaigns can be set to target ‘All Learners’ in your training program, across multiple groups and departments, or a smaller segment of Learners.
If you want to limit the scope of the audience for your phishing campaign, select ‘Custom Segment,’ then use the ‘Add Condition’ button to target a specific Group, Department, or Learner Tag to participate in the campaign.
Another option is to target specific Learners within the campaign. To do so, click ‘Add Extra’ and add the specific Learners you wish to target in the campaign.
Click ‘Next’ to proceed.
Step 3: Choose a Schedule
After selecting your campaign scenario(s) and audience, the next step is to decide when to schedule your campaign to launch.
The scheduling section offers three options: ‘Now’ allows your campaign to be delivered immediately to the audience selected.
The second option, ‘Scheduled,’ allows you to choose a specific day and time in the future for your campaign to be sent out.
Finally, the ‘Over time’ delivery option allows you to set a period of days or weeks during which campaign emails will be delivered intermittently to your target audience.
After the final email goes out to the selected audience, phishing campaigns will remain ‘In Progress’ for up to ten days, allowing everyone a reasonable amount of time to receive the email and participate in the campaign.
Once you have decided when the campaign will begin, click Next to finalize and launch your campaign.
Step 4: Review and Launch
Before launching your campaign, be sure to review everything you have selected up to this point.
On the right-hand summary panel, you can review the scenario(s) selected for this campaign, the audience participating in it, and the date(s) selected when your campaign will launch.
Additionally, you have the option to enable the Managed SAT Recovery Training, which is a brief training session on phishing prevention that Learners are required to complete after failing a phishing simulation.
After reviewing the summary section, give your campaign a title and, if you choose, a description before you launch.
You can send a test email of the campaign to yourself before launching by clicking ‘Send Test’ beneath the description box. An email will arrive in your inbox within seconds so you can review what your Learners will receive before launching the campaign.
(The subject line of the email will begin with ‘***TEST***,’ but your Learners will not see that when they receive actual campaign emails.)
Click 'Launch Campaign'
All details for your new campaign will be sent to DeeDee so she can start attempting to phish your Learners. You will receive an email letting you know DeeDee is launching the campaign.
Once the campaign is complete, you will receive an email notification with a link to review the campaign results in the Managed SAT admin platform.