Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
This section will help you comprehend and utilize the fundamental features within the Phishing Scenarios page. Below, we have provided shortcuts to the parameters within the Phishing Scenarios page.
The Phishing Simulator allows you to create a realistic simulated phishing email that is sent to employees in order to assess their ability to recognize suspicious emails and their response to attacks that could compromise organizational data and systems.
The product provides the capability to customize and target a phishing campaign suited to your organization and to evaluate the results.
A: Currently, no - it’s mandatory to see the campaign tested before making any mistake. You will receive the email on the Delivery Settings page. The system automatically sends a test email and notifies you about this action
A: If the microsoft name is used in a subdomain there are many threat intelligence services, chromium based browsers, URL filtering tools easily detect and block this domain. If you need this, please reach out to
A: We can only host domains verified through Cloudflare. Please refer to for more information.
A: You can easily create a customized phishing scenario to suit your organization. You will find the instructions .
A: The System templates can't be deleted by the admin users. The admins are able to delete their custom templates.
A: The platform automatically generates unique tracking links for attached files for each target user for Attachment type campaigns. The domain that is used for the attachment type campaign are dynamics. Please make sure you whitelist all the simulation domains.
A: The delivery status can be checked on Sending Report menu in the campaign report to see if the emails have been delivered successfully to the users. If the emails are successfully delivered, please check your .
A: If the campaign contains an HTML page where it contains any words, pictures or links related to Google, Facebook, Twitter, Apple, Microsoft or other such major companies, Google will easily identify it as suspicious and as a result, the user will see red screen after click the link in the simulated phishing email.
Please make sure not to use real words, pictures or links that are related to major companies.
The platform offers approximately fifty domains to be used in campaigns. The admin can also try to change the phishing domain to a new one and then launch the campaign with the new domain.
A: The Outlook Desktop application doesn't read CSS styles which cause sometimes the email not to look properly as it was seen on the platform. You may contact the support team to check if the phishing email could be optimized.
A: The difficulty level of email templates and landing pages is determined based on several factors, including but not limited to:
Sophistication of Phishing Techniques: The use of advanced spoofing methods, such as display name spoofing, domain similarity, and the inclusion of personalized information, can make a phishing attempt more difficult to recognize.
Quality of the Content: The presence of grammatical errors, unusual requests, or other indicators typically associated with phishing can vary. Templates with fewer errors and more realistic scenarios are considered more difficult.
Design and Presentation: For landing pages, the visual design and how closely it mimics legitimate websites play a crucial role. High-quality designs that closely resemble real sites increase the difficulty level.
Easy: These attempts may contain obvious signs of phishing, such as poor spelling and grammar, generic greetings, or implausible requests. They are typically easier for users to identify with basic awareness training.
Medium: These attempts are more sophisticated, with fewer obvious errors and more believable scenarios. They might have email addresses and websites that look like they are real, but if you look closely, you can still find some mistakes.
Hard: These are highly sophisticated attempts that closely mimic legitimate emails and websites, often using personalized information and current events to create convincing scenarios. Recognizing these requires advanced awareness of identity phishing tactics.
A: If you can't see the X-Keepnet-TID header in phishing simulation emails, it's likely due to how the email was forwarded. If the simulation email was forwarded using the "Forward as Attachment" or "Normal Forward" options in Outlook, Microsoft may alter the email headers.
When a message is forwarded as an attachment in the Outlook desktop application, the attachment is often compressed to reduce its size. This compression can strip the original message headers, including the EOP headers we need to analyze.
To ensure the original message and its headers remain intact, save the message to your desktop first, compress it (we recommend adding it to a .zip archive), and then send the compressed file as an attachment. The Outlook Desktop client will not modify the message within a zip file, ensuring that the complete message with all headers arrives at its destination.
For more details, please refer to the following article:
Context and Relevance: Attempts that leverage current events, believable scenarios, or target specific job roles can be harder to identify as phishing, especially if they align closely with the recipient's expectations or experiences.
This section will help you comprehend and utilize the fundamental features within the Phishing Simulator Settings page. Below, we have provided shortcuts to the parameters within the Phishing Simulator Settings.
The Exclude IP Address feature is designed to prevent false positive reporting due to security applications that analyze the links in the email in cooperation. It is designed as an alternative option to prevent false positive reporting. The permanent solution is to whitelist SMTP IP addresses of the platform to prevent false positive reporting but sometimes admins are not able to configure it on security applications.
You can add the individual IPv4/IPv6 addresses or ranges of IPv4/IPv6 addresses to prevent false positive reporting.
The following steps explain how to add Individual IP Addresses, range of IP addresses or Batch IP Addresses to exclude from reporting.
Go to > Settings > Exclude IP addresses menu.
You can add individual IPv4/IPv6 addresses with the following example format.
192.168.1.1
Go to > Settings > Exclude IP addresses menu.
You can add a range of IPv4/IPv6 addresses with the following example format.
192.168.1.1/24
Go to > Settings > Exclude IP addresses menu.
You can add IPv4/IPv6 addresses by using the batch option with the following example format.
192.168.1.1/24
This tutorial explains the Exclude IP Address feature.
A: Yes, after adding the IP addresses, the platform will exclude any data related to IP addresses for previous and future reports.
A: Yes, after removing the IP addresses, the platform will restore the excluded data related to IP addresses to all reports back.
2001:0db8:85a3:0000:0000:8a2e:0370:7334
2001:0db8:85a3:0000:0000:8a2e:0370:7334/128
Click the Save Changes button.
Click the Save Changes button.
192.168.1.1
2001:0db8:85a3:0000:0000:8a2e:0370:7334/124
2001:0db8:85a3:0000:0000:8a2e:0370:7334/128
2001:0db8:85a3:0000:0000:8a2e:0370:7334
Click the Save Changes button.
This page explains the capabilities available to create and use Domains and DNS Services in the phishing simulator. You can integrate your DNS service provider if the platform supports it already and then you will be able to create phishing domains on the platform to use them in the phishing campaigns.
The platform supports Cloudflare as a DNS provider by default. Cloudflare provides instant subdomains for the main domains and it is easy to manage phishing domains and subdomains with Cloudflare and also able to use on-the-fly free SSL certificates.
Previously created domains are listed in the Phishing Simulator > Settings > Domains menu on the left sidebar of the platform The table below provides details of the content on this page.
Previously created DNS Services are displayed in the Phishing Simulator > Settings > DNS Services menu on the left sidebar of the platform. The table below provides details of the content on this page.
The system supports Cloudflare for the customers to manage phishing domains and add/use them on the platform. These steps are only available to customers who can use Cloudflare for phishing domains.
From the left sidebar menu of the platform, go to Phishing Simulator > Settings > DNS Services and click on the “+ NEW” button. You will be asked to complete some mandatory fields to integrate a new DNS service.
From the left sidebar menu of the platform, go to Phishing Simulator > Settings > Domains and click on the “+ NEW” button. You will be asked to complete some mandatory fields to create a new domain to be used in phishing campaigns.
A: Integration is only possible with the DNS services listed on the platform.
A: The platform offers this feature If you use a Cloudflare domain address.
Landing pages direct the user to a specific page, and can be used for a variety of purposes, such as requesting login credentials or other sensitive information.
The > Phishing Scenarios > Landing Page Templates page contains standard default landing pages you can select and use for your phishing scenario or customize according to your preferences. You also have the option to create an entirely new landing page.
The components of the Landing Page Templates page are explained below.
Edit the details of the selected domain or Delete the selected domain.
Select which companies or company groups with whom you wish to share the DNS service.
This option is only available to Reseller users.
Test Connection
Check the settings of the domain
Domain
The name of the domain
DNS Name
The name of the integrated DNS service
DNS Record
The destination IP address or hostname information of the domain
Created By
Indication that the domain definition was created by the platform (system) or the company (custom).
System type domains on the platform cannot be edited or deleted.
Status
The system checks if there is an access problem on the domain every 24 hours.
Date Created
The date and time that the domain address was created
DNS Name
The name of the DNS service
Service Type
A list of integrated DNS services that are ready to use
Status
The system checks if there is an access problem on the domain service every 24 hours.
Created By
Indication that the domain service definition was created by the platform (system) or the company (custom)
System type domains on the platform cannot be edited or deleted.
Date Created
The date and time that the DNS service was created
Action
Edit the details of the selected DNS service or Delete the selected DNS service.
DNS Name
The name of the created DNS service
Service Type
A list of integrated DNS Services that are ready to use
Email Address
The e-mail address registered with your DNS service provider
API Key
The API key provided by your DNS service provider
Make Available for
Select companies or company groups with which you wish to share the DNS service
This option is only available to Reseller users
Test Connection
Check the settings of the DNS service
Domain
The domain address (e.g example.com).
DNS Service
Select the DNS service that is already integrated on the platform.
Customize DNS Record
Choose the DNS record type.
Record type "A" requires that you enter IP address information.
Record type "CNAME" requires that you enter hostname information.
The Support Team can provide CNAME or A record information after requested via ticket.
Proxy Status
Proxied = Traffic between the user and the DNS service provider is provided through a reverse-proxy server. The traffic between the user and DNS is encrypted and the real IP address of the server is masked.
DNS Only = The traffic between the user and the DNS service provider is provided directly. The company is responsible for encrypting the traffic and the real server's IP address is not masked.
If the DNS Only status is enabled, the Schema option is not available.
Schema
Select the HTTP, HTTPS, or use of both protocols for the domain address.
Zone ID
Enter the unique Zone ID provided by Cloudflare. The information is at the bottom of the Dashboard page in Cloudflare.
Action
Make Available for
Difficulty
The level of difficulty to recognize a phishing attempt (Easy, Medium, Hard). Please to see how the difficulty level is determined.
Creation Type
Filter landing pages based on their creation type (e.g., Manual or AI Ally).
Created By
System: Standard landing page templates are provided with the product.
Custom: Landing pages created or customized by users
Stop Bot Activity
It shows the stop bot activity feature enabled for the landing page. By default, it is enabled and cannot be disabled to ensure that the target user activities are accurately captured.
Tags
Tags can be added to the landing page to enable viewing using related tag lists.
Date Created
The date and time the landing page was created
This section explains how to edit, preview, clone, or delete a landing page.
Click on the three dots '⋮' button in the Actions option on the far right of the relevant page, and then click the Edit button.
Click on the three dots '⋮' button in the Actions option on the far right of the relevant page, and then click the Preview button.
Click on the three dots '⋮' button in the Actions option on the far right of the relevant page, and then click the Duplicate button.
Click on the three dots '⋮' button in the Actions option on the far right of the relevant page, and then click the Delete button.
Follow the steps below to add a new landing page that you can use in a new or existing phishing scenario:
Click the +New button in the upper right corner of the Phishing Simulator > Phishing Scenarios > Landing Page Templates page.
Complete the required fields on the first Template Info page, then click Next.
On the Page Settings page, provide the Phishing Link: the URL to be used in the phishing email.
Localize: Localize your main landing page template to different languages. Click to learn the benefits of the feature and more information.
Click Edit to make any changes or Save to complete the process.
Follow the steps below to add a new just-in-time learning page that you can use in a new or existing phishing scenario:
Go to Phishing Simulator > Phishing Scenarios > Landing Page Templates page.
Search 'Just-in-time Learning Page: Email Warning Signs' and click the Duplicate button to customize.
Customize any fields on the first Template Info page, then click Next.
On the Page Settings page, provide the Phishing Link: the URL to be used in the phishing email.
Review your red flag landing page, or click the Edit button to customize it.
Once you complete customization or review, click Save to complete the process.
Once you create your just-in-time learning page, now click here to learn how to combine your red flag email template and just-in-time learning page in a scenario to be able to launch to your employees.
Follow the steps below to effortlessly create custom landing page templates with the help of AI Ally. Once your landing page template is ready, it can be used in a new or existing phishing campaign:
Click the +New button in the upper right corner of the Phishing Simulator > Phishing Scenarios > Landing Page Templates page.
Complete the required fields on the first Template Info page, then click Next.
On the Page Settings page, provide the Phishing Link: the URL to be used in the phishing email.
Click on Use AI Ally and describe the scenario and key details for the landing page you want to generate.
Once described, select the Language in which the landing page will be created.
After providing the scenario details, click the Generate Landing Page button to create your landing page.
Once the landing page is generated, click Edit to make any changes, or Save to finalize the landing page template creation process.
Here are some helpful ready-to-use AI prompts for creating landing pages.
Google Login Page
Data Submission
Create a landing page that closely resembles the Google Login Page. Ensure the design includes fields for email and password input, a "Forgot email?" link, and a "Next" button. Include a Google logo at the top and a small text link for "Help" and "Privacy Policy". The page should have a clean, minimalistic design with a white background.
Amazon Login Page
Data Submission
Create a landing page that looks like the Amazon Login Page. Include fields for email and password, a "Forgot Password?" link, and a "Sign-In" button. Add a small Amazon logo at the top and include a checkbox for "Keep me signed in". Below the login form, include a "Create your Amazon account" link. The design should have a white background with light gray borders.
Company Event Registration Form
Data Submission
Create a landing page for a company event registration. Include fields for full name, email, phone number, and a dropdown to select the department. Add a "Register" button at the bottom. The page should also include a banner at the top with the company logo and event name. The color scheme should match typical corporate branding with a professional look.
Password Reset Page
Data Submission
JavaScript enhances landing pages with dynamic behavior and interactivity. This capability helps you create more engaging and realistic phishing simulations by enabling features such as:
Real-time content manipulation Example: Add a countdown timer that shows “You have 30 seconds left to complete this form.” This creates urgency and makes the simulation feel more realistic.
Form validation Example: When a user tries to submit a form without entering an email address, JavaScript can show a warning like: “Please enter your email before submitting.” This mimics real websites that check inputs.
Conditional content display Example: Show a hidden message only if a user types in a certain keyword or clicks a specific button, such as “Access Granted” after filling a field correctly.
Please follow the steps below to use the JavaScript code editor feature.
Go to Phishing Simulator > Phishing Scenarios > Landing Pages
Click + NEW to create a new landing page
Complete the required fields on the first page, then click Next
Click Edit at the bottom center of the page to open the landing page editor
At the top of the editor, click Import to open the HTML code editor
Inside the editor, locate the notice: “Some scripts may be blocked for security reasons. Click here to add custom JavaScript code.”
Click the link to open a pop-up where you can safely insert your JavaScript
After inserting your script, click Save to apply your changes and publish the landing page
You can now create a scenario with your email template and landing page and then launch it to your email inbox to test the landing page to confirm if everything works as you expect.
Here's a list of merge tags to help you make your landing pages more personal. Adding these tags can make your phishing campaign more tailored to the recipient.
Full Name
Inserts the target user's first and last name.
First Name
Inserts the target user's first name.
Last Name
Inserts the target user's last name.
Inserts the target user's email address.
From Name
Inserts the sender's name from the associated email template for this landing page scenario.
Landing pages direct the user to a specific page and can be used for a variety of purposes, such as requesting login credentials or other sensitive information. This tutorial will walk through the steps of creating/editing a landing page.
A: Yes! You can direct users to your own URL instead of using a standard Keepnet landing page. To set this up, select a Keepnet landing page, and replace the URL in the provided HTML code with the URL of your hosted landing page. Here’s how you do it:
Choose a Keepnet landing page for your phishing scenario.
Insert the following HTML code, substituting https://www.google.com with your own landing page URL:
This setup will automatically redirect anyone who clicks on the link to your chosen landing page after 1 second, allowing us to track the click-through.
Template name
The name of the landing page template
Method
The phishing technique employed.
Data Submit: Used to detect target users who submit data on the landing page
Attachment: Used to detect target users who download the attachment in the phishing simulation email
Click-Only: Used to detect target users who click unknown links in the phishing email
Languages
Filter landing pages based on your preferred languages.
The > Phishing Scenarios > Scenarios page provides a selection of ready-to-use phishing campaigns. These standard system scenarios are available to all clients and can be launched with just a few clicks. You also have the option to customize a scenario to your needs or to create a unique phishing campaign.
The components of the Scenarios page are explained below.
htmlCopy code<meta http-equiv="refresh" content="1; URL=https://www.your-landing-page.com" />Filter scenarios based on your preferred languages.
Roles
Filter scenarios based on the roles.
Tags
Tags can be added to the phishing scenario to enable viewing using related tag lists.
Difficulty
The level of difficulty to recognize a phishing attempt (Easy, Medium, Hard). Please to see how the difficulty level is determined.
Created By
System: Standard phishing scenario templates provided with the product.
Custom: Phishing scenarios created or customized by system users.
Date Created
The date and time the phishing scenario was created.
This section explains how to initiate a phishing campaign.
Once you have selected a phishing template for your campaign and identified the targets, click on the Launch '➤' button in the Actions menu on the far right of the page.
You will be presented with options to specify or modify various elements of the campaign.
Campaign Name
The name used to identify the phishing campaign and the name that will be used on the report generated at the conclusion of the campaign
Target Groups
The group(s) selected to receive the phishing campaign message
Mark as Test
The phishing report can be removed from other reporting areas of the platform
Limit Recipients
The phishing campaign can be designed to be sent to random users in the target group according to a percentage or user count.
Once you designed the proposed campaign and clicked the Next button, you will be provided with a summary. The components are explained below.
Scenario Info
Basic information about the phishing campaign
Settings
Settings information of the phishing campaign
Other
Any other additional information about the campaign
Target Users
The users to whom the phishing campaign will be sent
Email that will be sent to users
Preview of the phishing email that will be sent
Landing page for users who click the phishing link
Preview of the landing page when a user clicks the phishing link used in this campaign
Click on the three dots '⋮' button in the Actions option on the far right of the relevant page, and then click the Edit button.
Click on the three dots '⋮' button in the Actions option on the far right of the relevant page, and then click the Preview button to view what will be sent to the targeted users.
Click on the three dots '⋮' button in the Actions option on the far right of the relevant page, and then click the Duplicate button to recreate a previous campaign.
Click on the three dots '⋮' button in the Actions option on the far right of the relevant page, and then click the Delete button to delete a phishing campaign.
This option gives you an overview of phishing templates on the platform, grouped by region (e.g., EMEA, NAM), brand (e.g., Microsoft, Google), industry (e.g., finance, IT), attack type (e.g., click-only), language, and emotional triggers (e.g., urgency, excitement). It helps you explore and select the most relevant templates for your campaigns.
To access it, go to Phishing Simulator > Scenarios and click the "Scenario Statistics" button at the top-right of the scenarios page.
The Scam of the Week category highlights phishing scenarios that are based on the most recent and trending cybersecurity threats. These scenarios are updated weekly and curated by security experts to help you quickly launch timely and realistic phishing simulations.
To view scam of the week scenarios, go to Phishing Simulator > Phishing Scenarios, select Scam of the Week from the Category filter.
Phishing scenarios have two components: the phishing email template and the landing page. Follow the steps below to add a new phishing scenario:
Click the +NEW button in the upper right corner of the Phishing Simulator > Phishing Scenarios page.
Complete the required fields on the first page, then click Next.
Scenario Name: Enter a name for your scenario.
Description: Describe the template briefly for your reference.
Category: Select the threat type that classifies your phishing scenario.
Method: Choose the appropriate phishing strategy for your scenario.
Click-Only: Redirect users to a specific landing page, and see who clicks the phishing link within the report.
Data Submission: Redirect users to a page where they must enter requested credentials and see who submits this information in the report.
Roles: Add roles to the scenario that fit specific roles.
Tags: Define tags for the scenario.
Make Available For: Make your scenario available to be used by the other customers under your organization. This feature is only available to admins who have Reseller permissions.
Click Next to go to the Email Template page.
On the Email Template page, select the e-mail template you want to use and then click the Next button.
Select the Landing Page template you want to use and then click the Next button to move on to the Summary page.
If the MFA method is selected, you'll find a sub-menu titled "MFA Settings" on the Landing Page. Here, you can customize the "Sender Phone Number" and the text for the "SMS Verification Message".
The Summary page provides you with an overview of the proposed phishing campaign, including the type of campaign, the targeted users, and other important details.
Now you can click the Save button to create your scenario. Now, you are ready to launch your scenario either using Fast Launch or Campaign Manager.
The Just-in-time Learning Page is an intelligent feature that automatically highlights warning signs (red flags) in simulated phishing emails. It provides employees with instant, contextual training at the exact moment of risk.
To set this up, you first need to create both the Just-in-time Learning Page and the Red Flag Email Template. Once completed, you can combine them to build a phishing scenario and launch it to your employees.
If you are ready, please follow the steps to create a scenario.
Before you proceed with this section, please make sure you have created the just-in-time learning page and red flag email template.
Click the +NEW button in the upper right corner of the Phishing Simulator > Phishing Scenarios page.
Complete the required fields on the first page, then click Next.
Scenario Name: Enter a name for your scenario.
Description: Describe the template briefly for your reference.
Category: Select the threat type that classifies your phishing scenario.
Method: Choose the appropriate phishing strategy for your scenario. Please make sure the method is the same as your email template and landing page category.
Click-Only: Redirect users to a specific landing page, and see who clicks the phishing link within the report.
Data Submission: Redirect users to a page where they must enter requested credentials and see who submits this information in the report.
Roles: Add roles to the scenario that fit specific roles.
Tags: Define tags for the scenario.
Make Available For: Make your scenario available to be used by the other customers under your organization. This feature is only available to admins who have Reseller permissions.
Click Next to go to the Email Template page.
On the Email Template page, select the red flags email template you created and then click the Next button.
On the Landing Page page, select the just-in-time learning page and then click the Next button to move on to the Summary page.
If the MFA method is selected, you'll find a sub-menu titled "MFA Settings" on the Landing Page. Here, you can customize the "Sender Phone Number" and the text for the "SMS Verification Message".
The Summary page provides you with an overview of the proposed phishing campaign, including the type of campaign, the targeted users, and other important details.
Now you can click the Save button to create your scenario. Now, you are ready to launch your just-in-time learning page scenario either using Fast Launch or Campaign Manager.
This tutorial will cover the Scenarios that are created by combining the Email Template and/or Landing Page and making the campaign ready to send to the target users.
A: No. Landing pages are not supported for Attachment scenarios. These scenarios only support Word, Excel, PowerPoint, and HTML attachments. User activity is tracked when the attachment is opened or executed on the device, which is an action users should normally avoid.
Scenario name
The name of the phishing template
Category
Category is used to classify phishing scenarios by threat type.
Method
The phishing technique.
Data Submit: Used to detect target users who submit data on the landing page
Attachment: Used to detect target users who download the attachment in the phishing simulation email
Click-Only: Used to detect target users who click unknown links in the phishing email.
MFA: Used to detect target users who enter their MFA codes on the landing page
Languages
Create a landing page for a system password reset. Include a field for entering the email address, a "Submit" button, and a link for "Contact Support" in case the user has trouble resetting their password. The design should be simple with a white background, and include a small company logo at the top. The instructions should be clear and concise.
Bank Account Login Page
Data Submission
Create a landing page that mimics a bank account login page. Include fields for "Username" and "Password", a "Forgot Username or Password?" link, and a "Sign In" button. Add a small bank logo at the top, and include links for "Enroll Now" and "Help". The design should be secure and professional, with a dark blue and white color scheme.
Subscription Confirmation Page
Data Submission
Create a landing page for subscription confirmation. Include a message saying "Thank you for subscribing!", a field for entering an email address to confirm the subscription, and a "Confirm Subscription" button. Add a small note about privacy at the bottom. The design should be clean and modern, with a focus on ease of use.
E-commerce Checkout Page
Data Submission
Create a landing page for an e-commerce checkout process. Include fields for billing information (name, address, city, state, zip code), payment information (credit card number, expiration date, CVV), and a "Place Order" button. Add a small shopping cart icon at the top, and a summary of the order on the right side. The design should be user-friendly with a focus on security.
Event Ticket Purchase Page
Data Submission
Create a landing page for purchasing event tickets. Include fields for selecting the number of tickets, seating options, and payment details. Add a "Purchase Tickets" button at the bottom, and a small banner at the top with the event name and date. The design should be vibrant and engaging, with a focus on creating excitement for the event.
Phishing Awareness Oops Page
Click Only
Create a landing page that tells the user they've clicked on a simulated phishing email. The message should say "Oops! The email you just clicked was a phishing simulation. Don't worry, this is to help you learn." Include three key rules: 1. Avoid unknown links/attachments. 2. Verify the sender's email. 3. Be cautious of too-good-to-be-true offers. The design should be clear and educational.
Security Training Oops Page
Click Only
Create a landing page that informs the user they interacted with a simulated phishing email. The message should say "Oops! You just clicked on a test phishing email for training purposes." Include three rules: 1. Avoid unknown links. 2. Verify sender legitimacy. 3. Be cautious of urgent requests. Design it to be instructional and easy to understand.
From Email
Inserts the sender's email address from the associated email template for this landing page scenario.
Subject
Inserts the subject line from the associated email template for this landing page scenario.
Company Logo
Displays your organization's logo, sourced from the Whitelabeling page.
Company Name
Displays your organization's name, sourced from the company profile.
Date Sent
Inserts the date when the campaign is launched.
Current Date
Inserts the current date when the campaign is launched.
Current Date Plus 10 Days
Inserts a date that is 10 days after the campaign's launch date.
Current Date Minus 10 Days
Inserts a date that is 10 days before the campaign's launch date.
Random Number One Digit
Generates and inserts a random one-digit number.
Random Number Two Digit
Generates and inserts a random two-digit number.
Random Number Three Digit
Generates and inserts a random three-digit number.
User Language
Inserts the target user's Preferred Language information on the landing page
User Department
Inserts the target user's Department information on the landing page.
The Phishing Simulator > Phishing Scenarios > Email Templates page provides you with system default phishing email templates. You can use them as they are or customize them as needed for your phishing campaign.
The components of the Email Templates page are explained below.
Template name
Name of the email template
Method
The phishing technique employed.
Data Submit = Used to detect target users who submit data on the landing page
Attachment = Used to detect target users who download the attachment in the phishing simulation email
Click-Only = Used to detect target users who click unknown links in the phishing email
Languages
Filter email templates based on your preferred languages.
Tags
This section explains how to edit, preview, clone, or delete an e-mail template.
Click on the three dots '⋮' button in the Actions option on the far right of the relevant page, and then click the Edit button.
Click on the three dots '⋮' button in the Actions option on the far right of the relevant page, and then click the Preview button.
Click on the three dots '⋮' button in the Actions option on the far right of the relevant page, and then click the Duplicate button.
Click on the three dots '⋮' button in the Actions option on the far right of the relevant page, and then click the Delete button.
Follow the steps below to create a new email template for use in a new or existing phishing campaign:
Click the +New button in the upper right corner of the Phishing Simulator > Phishing Scenarios > Email Templates page.
Complete the required fields on the first page, then click Next.
Complete the sections below on the Email Settings page:
Follow the steps below to create a new email template with red flags for use in a new or existing phishing campaign:
Click the +New button in the upper right corner of the Phishing Simulator > Phishing Scenarios > Email Templates page.
Complete the required fields on the first page, then click Next.
Complete the sections below on the Email Settings page:
Once you save your email template, now click to learn how to create and use the email template with just-in-time learning page.
Follow the steps below to effortlessly create custom email templates with the help of AI Ally. Once your template is ready, it can be used in a new or existing phishing campaign:
Click the +New button in the upper right corner of the Phishing Simulator > Phishing Scenarios > Email Templates page.
Complete the required fields on the first Template Info page, then click Next.
Click on Use AI Ally and describe the scenario and key details for the email template you want to generate.
Here are some helpful ready-to-use AI prompts for creating email templates.
Here's a list of merge tags to help you make your email template more personal. Adding these tags can make your phishing campaign more tailored to the recipient.
The Email Templates page provides you with system-default phishing email templates. You can use them as they are or customize them as needed for your phishing campaign.
MFA: Redirect users to a Multi-Factor Authentication (MFA) page where they must input a received MFA code to continue, and see who submits MFA codes in the report.
MFA: Redirect users to a Multi-Factor Authentication (MFA) page where they must input a received MFA code to continue, and see who submits MFA codes in the report.
Subject: Subject line of the phishing email
From Name: Sender name that will be visible to the target recipient
From Email Address: Sender email address information that will be visible to the target recipient
CC: Add a CC email address to your phishing simulation email.
Attach File: If desired, you can attach a file to the phishing email. This option is only available if the email template method type is set to Attachment.
View/Edit Template: View and edit the available email templates in localized languages.
Localize: Localize your main email template to different languages. Click here to learn the benefits of the feature and more information.
Show Red Flags: Let AI Ally scan the email template and highlight suspicious elements—such as mismatched sender addresses, fake buttons, or misleading icons—while employees are expected to spot these red flags on their own.
Import Email: Use the three-dot button to import an MSG or EML file and customize it.
Click Edit to make any changes or Save to complete the process.
From Name: Sender name that will be visible to the target recipient
From Email Address: Sender email address information that will be visible to the target recipient
CC: Add a CC email address to your phishing simulation email. This is optional.
Attach File: If desired, you can attach a file to the phishing email. This option is only available if the email template method type is set to Attachment.
View/Edit Template: View and edit the available email templates in localized languages.
Localize: Localize your main email template to different languages.
Import Email: Use the three-dot button to import an MSG or EML file and customize it.
Show Red Flags: Click the button for AI Ally to scan the email template and highlight suspicious elements—such as mismatched sender addresses, fake buttons, or misleading icons—while employees are expected to spot these red flags on their own.
Click Edit to make any changes or Save to complete the process.
Once described, select the Language in which the email template will be created.
If you prefer a plain text email template, do not select the Enable styled HTML format option. For an HTML-formatted email template, you may choose this option.
After providing the scenario details, click the Generate Email Template button to create your template.
Once the template is generated, complete the following sections on the Email Settings page:
Subject: AI Ally will write a subject for your email template; you may customize it.
From Name: Specify the sender's name that will be visible to the recipient.
From Email Address: Provide the sender's email address that will be visible to the recipient.
CC: Add a CC email address to your phishing simulation email.
Attach File: If desired, you can attach a file to the phishing email. This option is only available if the email template method type is set to Attachment.
Click Edit to make any changes, or Save to finalize the email template creation process.
Payroll Adjustment Notification
Make a template that seems to be from the Payroll Department, informing the user of a recent adjustment to their paycheck due to an error. Include a link where they can view the updated payment details. The tone should be apologetic for the error but emphasize the need for the user to verify the correction.
Company Event Registration
Create a template that looks like it’s from the company’s event planning team, inviting the user to register for an upcoming company-wide event. The email should include a link to a registration page and stress that space is limited, so they should register as soon as possible. The tone should be enthusiastic and encouraging.
Account Deactivation Notice
Make a template that looks like it’s from the user’s account management system, warning them that their account will be deactivated if they do not confirm their details by clicking a provided link. The tone should be formal and emphasize the importance of maintaining active status.
Software Update Required
Create a template that looks like it’s from the IT department, informing the user that a critical software update is required to maintain system security. The email should include a link to start the update process and make the tone urgent, with a focus on preventing potential security vulnerabilities.
From Name
Inserts the sender's name from the associated email template for this landing page scenario.
From Email
Inserts the sender's email address from the associated email template for this landing page scenario.
Subject
Inserts the subject line from the associated email template for this landing page scenario.
Company Logo
Displays your organization's logo, sourced from the page.
Company Name
Displays your organization's name, sourced from the company profile.
Date Sent
Inserts the date when the campaign is launched.
Current Date
Inserts the current date when the campaign is launched.
Current Date Plus 10 Days
Inserts a date that is 10 days after the campaign's launch date.
Current Date Minus 10 Days
Inserts a date that is 10 days before the campaign's launch date.
Random Number One Digit
Generates and inserts a random one-digit number.
Random Number Two Digit
Generates and inserts a random two-digit number.
Random Number Three Digit
Generates and inserts a random three-digit number.
Tags can be added to the email template to enable viewing using related tag lists.
Difficulty
The level of difficulty to recognize a phishing attempt (Easy, Medium, Hard). Please click here to see how the difficulty level is determined.
Creation Type
Filter email templates based on their creation type (e.g., Manual or AI Ally).
Created By
System: Standard phishing email templates are provided with the product.
Custom: Phishing email created or customized by users
Date Created
The date and time the email template was created
IT Policy Update Request
Make a template that looks like it is coming from our organization’s IT department, notifying the user about a critical policy update that requires their immediate review. The email should contain a link to a document that they need to acknowledge by the end of the day to remain compliant. Make the tone serious, emphasizing the importance of adhering to the new policy.
Finance Department Alert
Create a template that appears to be from our Finance Department, asking the user to verify a payment that is scheduled for today. Include a link that directs them to a secure page to review the details. The tone should be urgent and professional, with an emphasis on preventing unauthorized transactions.
HR Benefits Update
Make a template that looks like it is coming from our HR department, informing the user about changes to their benefits package. They are asked to log in to the benefits portal via a provided link to review and accept the new terms. The tone should be informative yet urgent, stressing the need to complete this before the end of the week.
CEO Urgent Assistance Request
Create a template that appears to come from our CEO, requesting the user’s urgent help in reviewing a confidential document. The CEO should mention that they are relying on the user’s expertise and that a quick response is needed due to a tight deadline. The tone should be friendly but emphasize the urgency of the task.
Suspicious Login Alert
Make a template that looks like it is coming from the organization’s security team, warning the user about a suspicious login attempt on their account. The email should urge them to click a link to verify their identity and secure their account. The tone should be urgent, with a focus on protecting the user’s account from unauthorized access.
Coworker Sharing a Resource
Create a template that looks like it’s coming from a coworker, sharing a useful resource or guide related to the user’s recent project. The email should include a link that appears to be to a legitimate document-sharing service. The tone should be casual and collaborative, encouraging the user to check it out.
Full Name
Inserts the target user's first and last name.
First Name
Inserts the target user's first name.
Last Name
Inserts the target user's last name.
Phishing URL
Inserts a phishing simulation URL for the recipient to click and view the landing page.
Inserts the target user's email address.
A phishing campaign can be launched to target users in two ways. The Fast Launch option allows you to initiate a phishing campaign quickly and easily, without having to designate any settings. However, if you prefer customization, advanced features are available to refine the campaign using the Campaign Manager option, such as Schedule, Multiple Target Groups, SMTP Delay, Expire Date, Multiple Scenarios, and Randomize to allow you to modify a variety of elements to suit your needs.
The components of the Campaign Manager page are explained below.
These settings give you the ability to edit, preview, or delete campaigns, as well as create new instances. You can also resend a campaign to specific users.
Click on the three dots “︙” button under the Action heading to adjust the following features.
In the Campaign Name column, the Instances option will provide details of the campaign, such as how many times it has been launched and the users targeted.
The components of the Campaign Instances page are explained below.
You can delete, pause, or resume a paused instance on the Campaign Instances page as well as you also have the option to view detailed reports of an instance or resend the campaign.
Click on "+ NEW" on the Phishing Simulator > Campaign Manager page to create a new phishing campaign to set up to launch target users in four simple steps:
Campaign Settings
Phishing Scenarios
Target Audience
Delivery Settings
Before launching a phishing campaign, you must create a .
Enter basic information about this campaign. The components of the Campaign Info page are explained below.
Select one scenario to send selected target users or select multiple phishing scenarios to distribute randomly.
Select target groups for your campaign.
Set email delivery options.
The components of the Delivery Settings page are explained below.
All of the phishing campaign details are easily accessible on one page, along with a preview of the phishing scenario and the landing page.
The components of the Campaign Summary page are explained below.
Click Start to launch the campaign.
Click Cancel to rescind all of the actions, then click Quit in the pop-up window. If you want to make additional edits, click Continue Editing.
The "Reply Tracking" feature allows system administrators to monitor and identify users who respond to phishing simulation emails. This not only helps in evaluating employee awareness but also provides valuable insights into how users engage with suspicious emails. By understanding user behavior, organizations can tailor their training efforts and mitigate potential risks more effectively.
Identify High-Risk Users: Track which employees engage with phishing emails by replying, so you can provide targeted training to address their vulnerabilities.
Gain Behavioral Insights: Understand what employees typically write when responding to phishing emails, which can reveal potential patterns of risky behavior.
Improve Security Awareness: Use the data collected to refine your awareness campaigns and educate employees on best practices for handling suspicious emails.
Follow the steps below to enable and utilize this feature:
Navigate to Phishing Simulator > Campaign Manager, then click the + NEW button.
Fill in the required fields. For more details on setting up a campaign, refer to the .
Enable the "Reply Tracking" option.
Enter a custom email name and select one of the simulation domains
Once your campaign is live, any employee who replies to the simulation email will appear in the campaign report under the Replied menu. You can review the details of their replies if you have enabled the "Save reply email content for review" option.
For more information about campaign reports, refer to the full documentation .
The Preferred Language feature allows you to send phishing simulation scenarios in each recipient’s preferred language. If a preferred language is not set, the system will default to the company's preferred language.
Before launching a campaign with this feature, you must assign preferred languages to users:
Navigate to Company > Target Users.
Assign a preferred language to each user.
Add these users into a Target Group.
Before creating a campaign that sends a scenario in your users’ preferred languages, make sure the scenario includes a localized email template and landing page. This ensures each employee receives both assets in their own preferred language.
Create or duplicate an , then add localized versions for the required languages using the localization feature.
Create or duplicate a , then add localized versions for the required languages using the localization feature.
Create a scenario and add your localized email template and landing page.
You can now proceed to the next section to launch your scenario.
To launch a campaign using this feature:
Navigate to Phishing Simulator > Campaign Manager.
Click the + NEW button to create a new campaign.
In the Hyper-Personalization section, select:
"Send in the target users’ preferred language"
If a scenario template is available in the user's preferred language, they will receive that version.
If a scenario template is not available in the user’s preferred language, the system will send the scenario in the company’s default language.
If no scenario template matches either the user's preferred language or the company’s default language, the system will prompt you to select appropriate language versions before launch.
This ensures that users receive scenarios in the most relevant language for them, improving the effectiveness of phishing simulations.
This tutorial covers the Campaign Manager options such as Schedule, Multiple Target Groups, SMTP Delay, Expire Date, Multiple Scenarios, and Randomize to allow you to modify various elements to suit your needs.
A: Yes. The Incident Responder investigation feature gives you the capability to delete the phishing simulation email.
A: No. You can only cancel the campaign before the launch date.
A: Yes. You can adjust the campaign settings at any time before the launch date.
A: Yes. On the Advanced Settings tab, the Exclude from reports feature provides this capability.
A: When multiple scenarios are selected for a campaign, the distribution of emails will be calculated based on the number of users divided by the number of scenarios. For example, if you have 100 users and 4 scenarios, each scenario will be sent to 25 users.
A: This header prevents Microsoft Defender from analyzing links in phishing simulation emails, ensuring accurate test results and preventing false positives.
A: This status occurs because the user clicked the simulation link and was redirected to the training enrollment page but did not click the 'START TRAINING' button to begin the training.
Until the user actively starts the training by clicking this button, their status will remain as 'In Queue'. Once they start the training, the status will automatically update accordingly.
List the phishing campaigns that were launched with training content.
Created By
The source of the phishing campaign (system, custom)
Email Delivery
The selected email delivery option, or rule.
Date Created
The date and time the campaign was created
Last Launch
The date of the most recent use of the campaign
Campaign Summary
Select training and send the training via email or redirect it immediately once the user falls for a phishing campaign.
Enrollment: Users can either be redirected to the training immediately with the "Start Training Immediately" option or opt to receive the training later through an email with the "Enroll via Email Notification" option.
Click Only: The users who click the phishing link will be redirected to the training immediately, or a training email will sent later.
Data Submission: The users who submit their credentials will be redirected to the training immediately, or a training email will sent later.
By enabling the frequency feature, you can view the date and time when the scenarios will be delivered to the selected groups.
To review the content of reply emails, enable the "Save reply email content for review" option. This allows you to view the content of the replies directly in the campaign report.
Click Next and select the scenario you wish to launch for your employees.
Configure the remaining settings as needed. For detailed guidance, refer to the "Create a Campaign" section in the documentation.
Complete the remaining campaign fields and settings as needed.
Click Next to proceed through scenario selection, target groups, and other customizations.
Click Launch to start the campaign.
Campaign Name
The name of the campaign
Instance information indicating the number of times the campaign has been launched is available next to the campaign name
Target Users
The target users who will receive the phishing email
Status
Status information of the campaign. (idle, running, completed, paused, canceled, error)
Idle = The campaign is launched and has not started yet
Running = The campaign is in progress
Completed = The campaign is delivered to all target users
Paused = The campaign has been temporarily suspended
Canceled = The campaign has been withdrawn
Error = The status field displays an error message if there is a delivery problem
Scenarios
Shows how many scenarios has been launched in the campaign.
Scenario Distribution
Shows how scenarios are assigned to users (e.g., same random scenario for all, different random scenarios for each, AI Ally selects scenario for each user or manual selection).
Method
Method type of the campaign
Preview
Preview the campaign details, including the Email Template, Landing Page, and any associated training content that was selected.
Edit
Change the settings of the relevant campaign
Create New Instance
Create a copy of the same campaign and launch it to the different target groups.
Delete
Delete the campaign
Frequency
If you have selected multiple scenarios, it shows how often the system will send the selected scenarios randomly to the selected groups.
Start Time
The date and time the campaign is launched
Target Users
The total target users that the campaign was launched to.
Status
Current status of the campaign (idle, running, completed, paused, canceled, error)
Date Created
The creation date of the campaign
Launch
Resend a campaign to a selected group
View Report
Access detailed reports of a campaign You can find more information about the report details here
Delete
Delete the campaign report
Cancel
Terminate an active campaign. The system won't send the phishing email to the users who haven't received it.
Campaign Name
The name of the campaign
Hyper-Personalization
This feature allows you to tailor simulation scenarios based on the recipient’s language preferences. You can choose from two options when launching a campaign:
Send in a manually selected language: Select a specific language to send the scenario to all recipients, regardless of their preferred language settings.
Send in the target users' preferred language: Deliver scenarios in each recipient’s preferred language. If a user has no preferred language set, the scenario will be sent in the company's default language.
Smart Grouping
Users who clicked the campaign are automatically added to the selected target group.
Tracking Duration
Select the time period you want to keep this campaign active
Mark As Test
Select this box if you want to exclude the results of the campaign from the overall company score
Reply Tracking
Enter custom reply-to address to track replies. Please click here to learn more.
Scenarios
Select scenarios to be sent to selected target users.
Type
Filter scenarios according to their method type.
Language
Filter scenarios according to their language.
Difficulty
Filter scenarios according to their difficulty level.
Category
Filter scenarios according to their threat type.
Scenario Distribution
Select how scenarios will be sent to users:
Select scenarios manually: The selected scenarios by the admin will be sent to target users.
Select random scenarios for each user: The platform will randomly select scenarios from the scenarios menu for each user. Use filters (Type, Language, Difficulty, and Category) to list scenarios from which the platform will pick randomly.
Select the same random scenario for all users: The platform will randomly select one scenario from the scenarios menu for all users. Use filters (Type, Language, Difficulty, and Category) to list scenarios from which the platform will pick randomly.
AI Ally selects scenario for each user: If you filter scenarios by Type, Language, Difficulty, or Category and then proceed to select target users, the AI Ally will choose a scenario from the filtered options for each user.
The selection will be based on each user's specific attributes, such as their Phone Number, Timezone, Company Country, and Department Name to ensure the most relevant scenario is sent to each user.
As information, Personally Identifiable Information (PII) is never shared with the AI model.
Target Audience
Choose one or several recipient groups to send the selected phishing scenarios to.
Limit Recipients
Send only to users with an active phishing reporter add-in: Select this option to send the campaign only to users with an active phishing reporter plug-in.
Send this campaign to randomly selected users: Choose this option to send the phishing campaign to randomly selected users within the target group. You have the option to choose a percentage of the group or a specific number of users.
Email Delivery
Frequency
If you have selected multiple scenarios, you can choose how often you would like to send the scenarios randomly to the selected groups.
Schedule
The date and time of the campaign launch:
Save for later: Check this box if you want to send the campaign later. To send now, click the "Now" button after opening the date and time pop-up.
Schedule for: Check this box to begin the campaign on a specific date.
Enable Region-Aware Time Zone Delivery: Send phishing simulation emails based on the target users' time zones. Users without a defined time zone will receive the email based on the organization's main time zone.
Distribution
When you launch a phishing campaign to a large audience, this feature ensures that the emails are not blocked or quarantined by the recipient's email server. It achieves this by distributing the emails over a period of time rather than sending them all at once.
Send emails when the campaign starts: As the campaign begins, emails are immediately dispatched to the selected target users.
Send emails on defined days and hours: You can determine the specific days and times when emails will be delivered to the chosen target users.
Sending limit per batch: Define the quantity of emails you'd like to send to the recipients in each batch during the chosen days and times.
Send emails with delay every: Decide on the duration of the pause between sending each batch, whether it's in seconds, minutes, or hours.
The system will automatically determine and show you the duration required to send the campaign to the designated number of recipients based on your chosen settings.
Campaign Info
The name of the campaign, the difficulty level, and the phishing technique employed. (Data Submission, Click only, Attachment)
Settings
Date and time of the campaign, the number of emails to be sent, and the email delivery info
Other
Other additional enabled settings will appear here such as "mark as test" option.
Target Users
The target users who will receive the phishing email.
Click on Preview to see the target users count and target user groups.
Email that will be sent to users
The phishing email template selected for the campaign
Click Preview to see how it will be displayed in the target users’ inboxes
Landing page for users who click on the phishing link
The landing page template selected for the campaign.
Click Preview to see how it will be displayed in the target users’ browsers
Training
Training
Schedule
This section describes the basic functionalities of phishing campaign reports, which you can find from the Phishing Simulator > Campaign Manager and click the Instances button to access the reports of the phishing campaign.
Once you go inside the Instances of a campaign, you will see reports for that campaign; click on the View Report button under the Actions column to access the phishing campaign report.
In a campaign report, there are many sub-menus that provide valuable statistics about your phishing campaign. Here are the following menus on a campaign report:
Attachment: The users who open the attached file will receive the training via email.
MFA: The users who submit their MFA code will be redirected to the training immediately, or a training email will sent later.
Reminder: The users who don't complete the training will receive additional reminder emails.
Certificate: The users who complete the training will receive a certificate. dit Training Redirect Page: The training redirect page is written in English by default, but it can be fully customized. The users who once fall to simulation will be redirected to the training redirection page if you selected the 'Start Training Immediately' option.
The Summary provides a brief synopsis of the phishing scenario and options for further action.
Download Report
An .xls format version of the phishing scenario report is available for download by clicking the Download Report button.
Resend Campaign
Resend the phishing scenario to the same target user group with the same settings by clicking the Resend Campaign button.
This section provides the opportunity to display the results of the campaign in a useful pie chart presentation.
Opened Email
The number and percentage of target users who opened the phishing email
Clicked Email
The number and percentage of target users who clicked on the URL in the phishing email.
Submitted Data
The number and percentage of target users who submitted data on the landing page of the phishing scenario.
Opened Attachment
The number and percentage of target users who opened the attachment file.
Phishing Reporters
The number and percentage of target users who reported the simulated phishing email by using the platform's suspicious email reporter add-in.
No Response
The number and percentage of target users who did not take any action in response to the phishing e-mail.
Target Groups
The total number of target groups selected for the phishing campaign.
Hyper-Personalization
With the 'Preferred Language' option, users will receive scenarios in their preferred language. Those without a preferred language will receive scenarios in the company's default language.
Smart Grouping
If enabled, users who fail at the phishing campaign are automatically added to the selected target group.
Target Users
The total number of users selected to receive the phishing campaign email.
Campaign Lifetime
The date and time the phishing campaign will be terminated. No additional data will be processed in the phishing report after the expired date.
Languages
Language used in the phishing scenario.
Scenario Distribution
Number of Categories
The number of categories of selected scenarios.
Languages
The number of languages of selected scenarios.
Method
The list of methods of selected scenarios.
Difficulty
The difficulty levels of selected scenarios.
Delivery Start - End
The date and time the campaign was started and was/will be ended to complete sending the email to all selected users.
Duration
It shows how long it took to send the campaign email to all selected users.
Delivery Status
Out of the total number of chosen users, it displays how many of them successfully received the campaign email and how many did not. Please go to menu to see more information.
This section displays general information about the content of the phishing scenario. If you selected multiple scenarios, you can switch between them to preview.
Name
Name of the phishing scenario.
Method
Phishing scenarios can be created in one of several forms.
Data Submit = Designed to detect target users who submit data on the landing page.
Attachment = Designed to detect users who open the attached file by opening the file attachment in the e-mail.
Click-Only = Designed to detect users who click on the phishing link in the email.
Difficulty
Difficulty level of the phishing scenario (easy, medium, hard)
Language
Language used in the phishing scenario.
This section displays details of the sender’s name, the difficulty level, and the phishing scenario type sent to the target users.
You can preview the email template design of the phishing scenario sent to the target users by clicking on the Preview button.
The URL, difficulty level, and scenario type of the landing page content of the phishing scenario sent to the target users are displayed here.
You can preview the landing page design of the phishing scenario sent to the target users by clicking on the Preview button.
This section displays the information of the target users who opened the phishing scenario email.
First Name
First name of the target user
Last Name
Last name of the target user
Email Address
Email address of the target user
Department
Department of the target user
Preferred Language
User's preferred language that is set from the Target Users menu.
This section provides details of the target users who clicked on the phishing link.
First Name
First name of the target user
Last Name
Last name of the target user
Email Address
Email address of the target user
Department
Department of the target user
Preferred Language
User's preferred language that is set from the Target Users menu.
Scenario Name
Name of the phishing scenario that is sent to user
This section displays details of a target user who submitted data on the landing page of the phishing scenario.
First Name
First name of the target user
Last Name
Last name of the target user
Email Address
Email address of the target user
Department
Department of the target user
Preferred Language
User's preferred language that is set from the Target Users menu.
Password Complexity
Complexity level of the password submitted on the landing page of the phishing email. (very weak, weak, medium, strong, very strong)
TIP: The platform only captures the length and the first character of a password. Click for more information.
This section displays the details of a target user who opened the attachment file.
First Name
First name of the target user
Last Name
Last name of the target user
Email Address
Email address of the target user
Department
Department of the target user
Preferred Language
User's preferred language that is set from the Target Users menu.
Scenario Name
Name of the phishing scenario that is sent to user
This section displays the details of target users who did not take any action in response to the phishing email.
First Name
First name of the target user
Last Name
Last name of the target user
Email Address
Email address of the target user
Department
Department of the target user
Preferred Language
User's preferred language that is set from the Target Users menu.
Scenario Name
Name of the phishing scenario that is sent to user
This section provides details of target users who reported phishing emails using the phishing reporter add-in.
First Name
First name of the target user
Last Name
Last name of the target user
Email Address
Email address of the target user
Department
Department of the target user
Preferred Language
User's preferred language that is set from the Target Users menu.
Scenario Name
Name of the phishing scenario that the user reported.
This section provides a summary report of the delivery of the phishing email to the target users.
First Name
First name of the target user
Last Name
Last name of the target user
Email Address
Email address of the target user
Department
Department of the target user
Preferred Language
User's preferred language that is set from the Target Users menu.
Scenario Name
Name of the phishing scenario that is sent to user
When a user submits a form containing a password field, we evaluate the password using a scoring system that determines how strong or weak it is. This score is based on the structure and patterns used in the password.
We do not store or receive full user passwords. Before the form is submitted:
Only the first character of the password is kept.
All remaining characters are replaced with asterisks (*), e.g. P********.
This ensures that no actual password is transmitted or stored, supporting both user privacy and compliance with security best practices.
Positive Scoring Factors
Length
length * 4
Longer passwords score higher
Uppercase letters
(length - uppercaseCount) * 2
More uppercase letters (A–Z) = more points
Lowercase letters
(length - lowercaseCount) * 2
More lowercase letters (a–z) = more points
Numbers
count * 4
Negative Scoring Factors
Only letters
-length
No digits or symbols = deduction
Only numbers
-length
No letters or symbols = deduction
Repeated characters
-variable penalty
Penalized based on how often characters repeat
Consecutive uppercase
-count * 2
Complexity Rating (Based on Score)
0–19
5 (Very Weak)
Needs major improvement
20–39
4 (Weak)
Below average
40–59
3 (Moderate)
Meets some standards
60–79
2 (Strong)
Thank you — here is the final version incorporating that bot activity may apply to both "Opened Email" and "Clicked Link" events, and still maintaining the correct documentation format with only one Heading 2 and one Subheading 3:
In phishing campaign reports, Human Activity refers to real actions taken by users, such as opening emails, clicking links, or submitting data. In contrast, Bot Activity represents automated interactions triggered by email security systems, spam filters, or sandboxing tools. These bots scan emails and follow links as part of their protective duties—sometimes even before users see the message.
Bot activity may appear in both Opened Email and Clicked Link sections of the report. For example, if a security system opens an email to analyze it, or clicks a link to test the destination, these actions may be captured and flagged as bot interactions.
To ensure accurate reporting, the platform automatically detects and labels such activity based on predefined detection rules. Any record classified as Bot Activity will carry a special tag and can be excluded from the view by clicking the “Hide Bot Activity” button. Admins can also hover over the info (ⓘ) icon in the Activity Type column to see which rule was triggered.
The detection rules are:
A1 – Unusual User-Agent Interacted: Triggered when an atypical or suspicious user-agent (browser identifier) is detected.
A2 – Honeypot Link Reused: The hidden phishing link inside of the email clicked multiple times by the same IP and user-agent within 5 minutes—indicating automation.
A3 – Same-Second Activity Spike: Multiple activities occurred at the exact same time, which is unlikely for human users.
A4 – Stop Bot Activity Challenge Failed:
A4.1 – The phishing link was clicked, but the invisible browser javascript challenge was not passed.
A4.2 – The browser failed to load required scripts that a real user’s browser would normally execute.
If customers see several entries marked as Bot Activity, it typically means that their security tools pre-screened the phishing simulation links. To evaluate real user behavior, they should filter the report by Activity Type or use the “Hide Bot Activity” toggle. For better accuracy in future simulations, they may consider whitelisting Keepnet domains to reduce interference from automated systems.
By filtering out bot noise, organizations gain a clearer understanding of true user actions and risk levels.
This tutorial describes the basic functionalities of phishing campaign reports which you can find in the Campaign Reports menu.
A: Yes. You can download a report that provides details of the campaign by clicking on the Download Report button.
A: No. The information in the report cannot be changed.
A: Yes. The resend function allows you to send the phishing scenario to any user you select.
A: Yes. The Sending Report option provides you with a view of the current activity of the phishing scenario.
A: Yes. You can transfer all of our reports through an API, enabling you to use the information as needed to suit your business. Additional information on APIs is available here.
A: The differences are explained below.
"Only Opened Emails" will show the users who only opened the email and didn't go further, such as clicking the link.
"Only Clicked Links" will show the users who opened the email and then clicked the link and didn't go further, such as data submission.
"Opened Emails" will show the users who opened emails. It doesn't matter if user clicked the link or submitted any data.
"Clicked Links" will show the users who opened and then clicked the link. It doesn't matter if the user submitted any data.
A: Please see below how the Sandbox Activity Detection feature works to identify false positive clicks.
Rule 1: User Agent Signatures: We have a list of 10+ sandbox user agent patterns. If a user action matches these, it's flagged as sandbox activity.
Rule 2: Honeypot Link: We embed invisible "Honeypot" links in our emails. While humans can't see or click them, sandboxes often access them, revealing their presence.
Rule 3: Request Header Analysis: By examining request headers, we can identify unique characteristics that differentiate sandbox activities from real user actions.
A: If users did not receive the simulation email via DEC and show the error 'The process failed to get the correct properties' in the Sending Report section of the campaign report, it may indicate that these users have been deleted, do not have an email license, have no inbox, or have been deactivated. Please check the users in your Microsoft 365 admin panel to ensure they are all active and have a valid mailbox license.
Shows which scenario distribution setting is used for the campaign. See more info about the scenario distribution feature here.
Reply Tracking
Shows if the reply tracking feature is enabled or not for the phishing campaign.
Scenario Name
Name of the phishing scenario that is sent to user
Scenario Language
Language of the related scenario that was sent to user.
Last Opened
Date and time a target user last opened the phishing email
Times Opened
Number of times a target user opened the phishing email
Hide Sandbox Activity
If a sandbox solution has analyzed the simulated phishing email that is generated for the target user, you can choose to show or hide this false positive information in the menu.
Activity Type
List the human or sandbox activities by using one of the following options.
Human Activity: The human has opened the simulated phishing email.
Sandbox Activity: The sandbox solutions have opened the simulated phishing email.
Action
The Resend button allows you to resend the same phishing email.
The Details option shows the date and time a user opened the phishing email, the user agent, browser information, geolocation, IP information, and other information.
Scenario Language
Language of the related scenario that was sent to user.
Last Clicked
Date and time the user last clicked on the URL in the phishing email
Times Clicked
Number of times the user clicked on the phishing link
Hide Sandbox Activity
If a sandbox solution has analyzed the simulated phishing email that is generated for the target user, you can choose to show or hide this false positive information in the menu.
Activity Type
List the human or sandbox activities by using one of the following options.
Human Activity: The human has clicked the simulated phishing link.
Sandbox Activity: The sandbox solutions have clicked the simulated phishing link.
Action
The Resend button allows you to resend the same phishing email.
The Details option shows the date and time a user opened the phishing email, the user agent, browser information, geolocation, IP information, and other information.
Scenario Name
Name of the phishing scenario that is sent to user
Scenario Language
Language of the related scenario that was sent to user.
Last Submission
Date and time that the user last submitted data on the landing page of the phishing scenario
Times Submitted
Number of times that the target user submitted data on the landing page of the phishing scenario
Action
The Resend button allows you to resend the same phishing email.
The Details option shows the date and time a user opened the phishing email, the user agent, browser information, geolocation, IP information, and other information.
Scenario Language
Language of the related scenario that was sent to user.
Last Opened
Date and time that the user last opened the attachment file
Times Opened
Number of times that the target user opened the attached file
Activity Type
It shows if the user has Bot Acvitiy or Human Activity data for the campaign.
Action
The Resend button allows you to resend the same phishing email.
The Details option shows the date and time a user opened the phishing email, the user agent, browser information, geolocation, IP information, and other information.
Scenario Language
Language of the related scenario that was sent to user.
Last Send Date
Date and time that the phishing email was sent to the target user
Action
The Resend button allows you to resend the same phishing email.
Scenario Language
Language of the related scenario that was sent to user.
Last Reported
Date and time when a user reported the phishing email using the phishing reporter add-in.
Times Reported
Number of times that a user reported the phishing email using the phishing reporter add-in.
Action
The Resend button allows you to resend the same phishing email.
The Details option shows the date and time a user opened the phishing email, the user agent, browser information, geolocation, IP information, and other information.
Scenario Language
Language of the related scenario that was sent to user.
Email Delivery
Which SMTP is used to deliver the simulation emails to the users.
Date Sent
The last date and time that the email has been sent to target user.
Delivery Status
Status of the phishing email sent to the target user
In Queue = The phishing email is in the queue to be sent.
Successful = The phishing email was sent successfully.
Error = An error occurred in the delivery of the phishing email.
Cancelled = This user was eliminated as a target for this phishing campaign.
Action
The Resend button allows you to resend the same phishing email. The Details button allows you to see the email delivery details.
Numbers increase the score
Symbols
count * 6
Symbols (!@# etc.) give a strong boost
Middle numbers/symbols
count * 2
Placing numbers/symbols in the middle adds bonus
Meets requirements
# of types used * 2
Bonuses for using at least 3–4 character types
Sequences like "AAA" are discouraged
Consecutive lowercase
-count * 2
Same logic as above with lowercase
Consecutive numbers
-count * 2
Same logic with digits
Sequential letters (abc)
-count * 3
Penalizes predictable patterns
Sequential numbers (123)
-count * 3
Sequential symbols (!@#)
-count * 3
Good overall security
80–100
1 (Very Strong)
Excellent password