Skip to main content

TitanHQ Product Docs

Create Simple Phishing Campaign

For your first phishing campaign, create a simple or "ad-hoc" phishing campaign by following these steps:

  1. From your admin dashboard, go to Phishing Manager, where you can see the phishing campaigns list. Note that on a new portal, this list is empty.

  2. Select Create a new campaign to open the Phishing Campaign Wizard. After reading information about the wizard, click Next to continue, or Cancel to exit.

  3. In the next window, you can select the Send Mode and set up the email template:

    1. For Send Mode, select the way you want the email to be sent:

      • Normal: One phishing email is sent to all recipients simultaneously at publication time.

      • Batch: One phishing email is sent to all recipients at different times over a selected time period beginning at publication time. Recipients receive their email at different times which reduces a "tip-off" effect.

      • Burst: Multiple phishing emails are sent to all recipients at different times over a selected time period beginning at publication time. Recipients receive different emails at different times further reducing a "tip off" effect.

    2. To create the email template, you can make selections from the following:

      • Template Type: Select the checkbox(es) to display templates based on their type, such as Home and Personal; Business; C-Suite; Attachments.

        Note

        C-Suite refers to executive titles in an organization where C stands for "Chief", such as Chief Executive Officer of Chief Financial Officer. C-Suite is available once C-Suite information has been populated. This can then be used for CEO mock phishing campaigns.

      • Category: Email templates can be displayed according to their categories, such as Banking, Shopping, and so on.

      • Complexity: You can display templates based on how complex you want them to be: Low, Medium, High.

      • Creator: You can choose from templates that are pre-populated or ones you have created.

      The list of templates automatically responds to the selections you make to display what is available.

    3. For further help in locating a template, you can use both the sort and search functionality.

      • Click the up/down arrow in the column titles to sort the contents in ascending or descending order.

      • Enter a word in the Search field to filter results with that word.

    4. Select Preview under Actions to read the email template. Once you are satisfied with the one that you want to send, select the checkbox beside the template and then select Next. Alternatively, select Back to return to the previous page or Cancel to exit.

  4. Next you can enter the campaign details, which include:

    • Use attachment: If you want to include an attachment in your email, select Use Attachment, and then click the download icon in the Attachment name field to attach it.

    • Attachment Name: Name of the attachment.

    • Attachment type: In the Attachment type field, select HTML, Word or Excel to identify the file type.

    • Phishing Form: Select the phishing form you want the user to see in the Phishing Form field.

    • Trigger: The Trigger field displays a range of actions that a user could take on a phishing form. Based on the option you select, the user receives a warning message after performing that action, as described below:

      • None: If you want to track a user's actions without sending them a warning message, select this option.

      • Enters Field: User clicks in either the User Name or Password field in the phishing form, which triggers the warning message.

      • Types in Field: Select this option if you want the user to get a warning message when they attempt to enter information in any of the phishing form fields.

      • Posts Form: User completes form and attempts to submit it, triggering the warning message.

    • User Feedback Message: SafeTitan provides the facility to create customized user feedback messages. These messages are presented to the recipient upon clicking on an embedded phishing email link or opening a phishing attachment. When using your portal for the first time, a SafeTitan default user feedback message is available. You can preview the user feedback message by selecting the preview button to the right of the User feedback message option.

    • Campaign Name: The campaign name is needed to identify and refer to the campaign in future. This is an editable field that contains a default name consisting of the template name + date/time stamp.

    • Campaign Description: This is an editable field that contains the name of the email template by default.

    • Training Recipients: Here you can add the groups or departments you wish to receive the phishing email. Remember: At startup, you are the only user on your portal and you are a member of the "Default Department". For your first campaign, simply select the "Default Department" unless you have created a new department and moved your username into that department. If you have other users in your department, it is recommended that you test your first campaign on yourself and maybe a colleague so be aware of the department or group you select here. See managing users and groups for more information.

    Select Next to continue, Back to return to the previous page, or Cancel to exit.

  5. To schedule when you want the phishing campaign to run, complete the following details:

    • Publish start: Select the date and time you want the phishing campaign to start, which is when your emails begin sending. This date must be a minimum of one hour from your current time.

    • Publish end: This field is only available if you have chosen either Batch or Burst mode when setting up the template. It automatically sets the time that the delivery of emails ends. The number of emails within this time are evenly spaced out to the number of users you've targeted.

    • Batch Amount: This field is only available if you selected Batch mode when setting up the template. You can use the sliding bar to change the amount of email batches for the duration of the campaign.

    • Stage Time: This field is only available if you selected Burst mode when setting up the template. You can slide the bar to schedule email frequency and note that the Summary field automatically updates this information.

    • Completion date: Select the date and time you want the phishing campaign completed in your system. This date must be a minimum of 30 days from your Publish start date.

    Select Next to continue, Back to return to the previous page, or Cancel to exit.

  6. Next, you can configure the following options for the phishing campaign:

    • Locale: From the dropdown list, select the language for the email.

    • Override user's default locale: When a new user is being set up, they are given a default language. If you select Yes in this field, you can override the user's locale and use the language you selected in Locale for the email. The default is No, which means that the user's default language will be used in the email.

    • Create Reactive Training: Select Yes, if you want to prepare a reactive training campaign. Reactive campaigns automatically enroll users in training based on phishing email activity. Examples of this include: opening email, clicking on link, opening an attachment and so on. It is recommended that you keep the default setting of No for your first campaign, and do not create reactive training.

    • Is Test Campaign: If you select Yes, then you can configure the campaign as a test so that the results are not recorded. This means that the company statistics are not impacted by mock phishing attempts.

    Select Next to continue, Back to return to the previous page, or Cancel to exit.

  7. Your email template contains default values pertaining to the sender and subject.  You can customize these values by following the steps below.

    • Email: Edit the name of the email sender, such as info or admin. In the @ field, you can change the domain of the email sender, for example, e-messages.com or e-owa.com.

    • Name: Edit the sender's name as you want it to appear in the recipients' email inbox.

    • Subject: Edit the subject.

    Note

    If you want more spoofing domains, please contact Support to have them added.

    Select Next to continue, Back to return to the previous page, or Cancel to exit.

  8. Review the summary of your campaign and when you are satisfied that the information is correct, select Submit. If you notice an error, you can go back to the previous steps and make changes. The Campaign Summary page will automatically update.

    Alternatively, you can select Cancel to exit without saving your changes.

  9. You can see your unpublished campaign in the phishing campaign list in Phishing Manager, which you automatically return to after saving the campaign. Beside the Unpublished status in the Actions column, you can select View to review phishing campaign details and reports.

Following the creation of your first phishing campaign, learn how to review the phishing campaign results.