Phishing Simulation

Overview

Welcome to the Phishing Simulation module. In this section, you'll be guided through the process of using our Phishing Simulation tool. You'll learn how to:

• Navigate through the module interface.
• Create and initiate a Phishing Campaign simulation.
• Navigate and understand the Recipients Dashboard
• Navigate through different templates
• Understand and utilize the dashboard and its components.

Phishing simulation is a cybersecurity training method where fake phishing emails or messages are sent to employees within an organization to test their ability to recognize and respond to such threats. By mimicking real phishing attempts, these simulations track user interactions, such as clicking on malicious links or entering sensitive information, and provide feedback to improve awareness and prevent actual attacks. This approach helps identify vulnerabilities, educates users on best practices, and enhances overall security by reinforcing the skills needed to detect and handle phishing threats.

---

Navigate to the module:

• Click on the menu icon to show all the different modules

• Under Culture and Awareness, click on Phishing Simulations

 

---

Create a Phishing Campaign:

• To start, click on the simulations icon

• Then click on create a campaign
  

• From here you can choose any email templates to run the phishing simulations, or create a new email template

• From here you can choose any landing page template, or create a new landing template
  

• Then fill in the information needed to be placed on the phishing simulation campaign. These information are used as the phishing simulation's sender details.

• Then choose the recipients you want to partake in the phishing campaign and check there status whether they'll open, click, or ignore the phishing email

• Then you click on any of the options to launch the phishing simulation campaign to the target recipients.

---

Simulations Campaign Dashboard:

The Social Engineering Module dashboard offers a detailed overview of phishing simulation campaigns, showcasing critical information about each campaign's status and performance. It indicates whether a campaign is active and provides the start and end dates. The dashboard also tracks recipient engagement, displaying counts of those who have not opened, opened, visited, or been compromised by the simulations, allowing for effective monitoring and impact assessment.

Additionally, a chart visualizes the percentage of recipients who opened, visited, or were compromised, relative to the total number of simulations conducted. This visualization helps you quickly grasp the effectiveness of your phishing campaigns and their overall impact.

To view more details about a specific campaign, click on a specific campaign.

This section provides an in-depth view of a specific phishing simulation campaign, offering detailed insights into the participants and the campaign's outcomes. It includes a list of all recipients involved, complete with their respective details. Additionally, it features information about the email template used in the campaign, along with a preview of how the email appeared to the recipients. The results of the campaign are displayed in this modal view, including a comprehensive summary of recipient interactions. A graph visualizes key statistics, showing the number of users who opened the phishing email, visited the links, were compromised, or did not open the email. This detailed overview allows for a thorough analysis of the campaign's effectiveness and recipient engagement.

 

---

Recipients Dashboard:

The recipients dashboard shows all the recipients of an organization that will be monitored during phishing simulations. It shows information such as their full name, status, email address, department in the organization, as well as the click prone percentage. The click prone percentage shows how likely they are to click on phishing emails when simulations are being conducted.

---

Add Recipients:

• Click on the add recipient button to add recipients

A modal is then shown with options such as manual entry or import CSV. These are for:

 

Manual Entry - Manually enter a recipient's individual details. Perfect for adding only a small number of recipients.

Import CSV - A CSV file can be uploaded to add multiple recipients all at once. The file must follow the required format for ease of transport process. Perfect for a large number of recipients.

Once the information is filled out, click finish and a new recipient has been added to the phishing simulation module.

---

Phishing Simulation Dashboard:

The dashboard provides a comprehensive view of phishing simulation campaigns, helping organizations monitor and analyze their effectiveness. It tracks key metrics such as the number of active campaigns, start and end dates, and recipient engagement, including how many recipients opened the email, clicked on links, or were compromised. The dashboard features visual tools like charts and graphs to represent these metrics, making it easier to assess overall campaign performance and identify trends over time. Detailed and summary reports offer insights into individual and collective recipient behavior, enabling organizations to gauge the impact of their phishing simulations, improve security awareness, and tailor additional training efforts. This tool is essential for evaluating the effectiveness of security training programs and enhancing overall organizational security.

On the right-hand side of the phishing simulation dashboard, key metrics provide a snapshot of the status oforganization’s phishing simulation campaignsefforts. conductedThis withinsection your organization, empowering you to assess and strengthen your workforce's resilience against social engineering attacks.

Accomplishment Overview:

• Line Graph: Visualizes the progression of the simulation campaign over weeks, providing insights into trends and patterns.
• Percentage Metrics: Highlights the percentage of users who have interacted with simulated phishing emails, including those who opened, visited, and compromised, facilitating a nuanced understanding of user engagement.

Right Portion of the Module:

• Number of Users: Presentsdisplays the total number of users within yourthe organization, providingoffering contextinsight forinto campaignthe metrics.
scope
• Openof Rate:the Indicatessimulations. It also shows the total number of phishing simulations executed, tracking the volume of tests conducted. Additionally, the dashboard presents open rates, which reflect the percentage of users who opened the phishing campaign,emails, offeringand aclick measurerates, of initial engagement.
• Click Rate: Reflectsindicating the percentage of users who clicked on thelinks phishingwithin campaign,those identifyingemails. susceptibilityThese tometrics furthercollectively manipulation.
help
• Total Simulations: Specifiesassess the total number of phishing campaigns sent to your organization's users, informing the scope and frequency of simulation efforts.

Phishing Simulation Details:

• List of Phishing Simulations: Provides a detailed breakdown of each phishing simulation, including:
  • Status: Indicates the current statuseffectiveness of the simulationphishing (e.g.,simulations, ongoing,gauge completed).
  user
  • Startengagement, Date:and Marksevaluate the commencement dateimpact of security awareness initiatives.

    

    The top 10 Highest risk recipients shows the top users in an organization that is more likely to be susceptible to phishing attacks based on their interactions with the simulation campaign.

  emails.
  • EndIt Date:typically Denotesincludes themetrics conclusionsuch date of the simulation campaign.
  • Number of Users Sent: Specifiesas the number of usersemails targeted byopened, the phishing campaign.
  • Numberfrequency of Usersclicks Opened:on Reportsmalicious thelinks, numberand instances of users who opened the simulation, indicating initial susceptibility.
  • Number of Users Visited: Indicates the number of users who visited the simulation, potentially exposing themselves to further risk.
  • Number of Users Compromised: Highlights the number of users who were successfully compromised duringactions. theBy simulation,focusing emphasizingon areasthese forhigh-risk improvementindividuals, andorganizations can tailor targeted training initiatives.
  and
  support
to

improve

their security awareness and reduce their vulnerability to real phishing attacks. This feature allows security teams to prioritize their efforts and address potential weaknesses in their organization's defenses more effectively.

 

If you need further assistance, kindly contact our support at info@cytechint.com for prompt assistance and guidance.