Running Phishing Campaigns

Catch Phish Email Analysis Tool.


Access to the MPaware Portal 

The Process

One-Time Phishing Campaigns

1. MPaware - Whitelisting IPs for Phishing Simulation

2. Open your desired customer

3. Select the “Phishing” tab 

4. Click the “New Phishing Campaign” button to begin

5.  Enter a “Campaign Name

6. Select “Once” as the “Frequency” of the campaign.

7. Set the “Begin Date” of your campaign.

 If “Demo Campaign” is selected (optional), this campaign will not affect a user’s Employee Secure Score (ESS).

 Select the business hours you wish for this campaign to send between along with your client’s time zone.

 Select if you’d wish to send a notification email two days prior to launch then type in the email (only one email can be added)

11. Select the number of days (1-6) you’d wish the campaign to send over. Selecting “1” will send all the emails on the start day. Numbers higher than 1 will split and send campaigns equally across the selected days.

12. Click “Next” to proceed to the next section.

13. Select the recipient(s) you would like to send the campaign to.

14. The employees can be filtered by Tag level and Role. Additionally, a Search feature is available to quickly find a specific employee.

15. To select all users, click on the checkbox at the top of the user list next to “Name”

16. Click “Next” to proceed to the next section

17. Select a phishing scenario(s) you would like to send. Use the “Next” and “Last” buttons at the bottom of the box to page through the library of templates. If multiple campaigns are selected, they will be randomly distributed amongst the selected users.

18. Click on “Preview Template” to preview what users will be sent once the campaign is initiated.

19. The scenarios can be filtered by Difficulty level and Country. Additionally, a Search feature is available to quickly find a specific scenario. 

20. Certain campaigns now offer a “Capture Submitted Data” feature. If “Yes” is shown in this column, the scenario includes a fake landing page that users will be directed to after clicking on the initial phishing link. The fake landing page will prompt the user to enter their login credentials or other information. If submitted, no data will be saved, but the user will lose more points off their ESS than they would for just clicking on the link. 

21. Click “Next” to proceed to the next section

22. Review your phishing settings and click “Create Campaign” to launch your campaign! You may View, Edit, or Delete this at any time in the Phishing Campaign List.

Phishing Reports 

1. Select the “Phishing” tab
 The list of active and completed campaigns will be shown within the table. 

3. A single “Report” is available for each campaign, or a “Multi-Report” can be downloaded which encapsulates the
entire subset of campaigns within the AutoPhish campaign.