Spear phishing is the act of sending an email to a specific and well-researched target audience while pretending to be a trusted sender. A phishing email is sent to a large number of individuals with generic and no targeted information. Rather, a spear-phishing email is purposefully built by a threat with the hopes of penetrating an entire organisation. It is well researched with names, roles, trusted company names and branding to catch individuals out. If a single individual engages with a spear-phishing email, it can compromise the entire organisation.
It is important to test your organisation using spear-phishing templates to ensure they are always thinking about cyber security and reporting malicious emails.
This article will cover how to use the spear-phishing feature to send a specific template to a select user/s or group.
Note: It is recommended that you create your own template that is tailored to your organisation. This allows you to also make it as sophisticated as you want, however, you are still able to clone and use one of the existing templates within the portal.
How to Set Up a Spear Phishing Campaign
1. In your dashboard, go to the Learning Paths tab
2. Select the drop-down arrow next to the New and select Spear Phishing.
3. Provide a name for the spear-phishing campaign. This will appear in your learning paths timeline.
4. Select an email template by using the search bar or Create New Email Template
5. Once you have chosen a spear phishing template, click on it then select Yes, go ahead!
6. Next, select the individuals that will receive the spear-phishing campaign. Here you can use the keyword search to find the individuals or group by segment.
Note: If you have user synchronisation you are able to use any attribute you have previously synchronised to the portal.
Or you can use criteria based targeting to search and select individuals in the selected segment. The list of individuals will update for that segment and you can search and select those individuals.
7. Once the learners have been selected, select Schedule to continue.
8. With all the following options you are able to drag and drop them into the colour coordinated blocks.
*Note: you can now schedule same-day spear phishing that will be sent 30 minutes after scheduling has been completed.
- First select the date. You can choose from the options available. Once selected please choose the date or date range and click the tick at the bottom.
- Second, select what time you would like the email sent with the options available. Once selected please choose from the options if required and click the tick at the bottom.
- Thirdly, as optional criteria, you are able to select the time zone. Once selected please click the tick at the bottom.
Note: If you select no time zone it will be the default GMT(+10:00)
- Finally, select how often you want to repeat with the options available. Once selected please choose from the options if required and click the tick at the bottom.
Note: You will only be able to select an option that relates to your date choice. If it does not you will receive this error with suitable options.
9. Once all options are filled please select Summary to continue
10. The summary screen allows you to review the spear-phishing scheduler options. Select the back button to make changes. Once you confirm the scheduler, please select Finish.
The Spear Phishing campaign has now been created and you can view it from the Learning Paths tab.