Today we’re walking through the process of running a phishing test, specifically a Zoom “Your call has started” phishing test.
Zoom is a very effective phishing tactic in today’s remote world. Nothing triggers your fight-or-flight response like seeing a notification for a meeting you “forgot about”.
The lesson of this test is for users to be careful not to click straight through an email just because it’s urgent. By inspecting the URL, and even double-checking their calendar, they can realize that this phishing email is fake.
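The URL inspection the lesson asks of users can be shown mechanically. The following is an added example (not Hook Security's code, and not taken from the Zoom template): it parses a constructed HTML email body, compares each link's visible text with its real destination, and flags links whose destination is not the expected meeting host. The sample body and every domain in it are constructed placeholders, and `zoom.us` as the expected host is an assumption made for the example.

```python
"""Link inspection for a suspicious meeting-reminder email.

Added example, not part of Hook Security's product or template: the email
body below is constructed, and every domain in it is a placeholder.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body. The second link shows one URL but points elsewhere.
SAMPLE_EMAIL_HTML = """
<p>Your call has started.</p>
<a href="https://zoom.us/j/000000000">https://zoom.us/j/000000000</a>
<a href="http://zoom-us.example.com/join">https://zoom.us/j/000000000</a>
<a href="https://calendar.example.org/event">View in calendar</a>
"""

# Host a genuine meeting link would use (assumption for this example).
EXPECTED_HOST = "zoom.us"


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from anchor tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_matches(hostname, expected):
    """True when hostname is exactly `expected` or a subdomain of it.

    A plain substring test would accept 'zoom.us.example.com'; anchoring on
    the dot boundary does not.
    """
    hostname = (hostname or "").lower().rstrip(".")
    return hostname == expected or hostname.endswith("." + expected)


def inspect_links(html_body, expected_host=EXPECTED_HOST):
    """Return one finding per link: 'ok', 'text_mismatch' or 'unexpected_host'."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        href_host = urlparse(href).hostname
        # Only compare hosts when the visible text itself looks like a URL.
        text_host = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if text_host and text_host != href_host:
            verdict = "text_mismatch"    # displayed URL and real destination differ
        elif not host_matches(href_host, expected_host):
            verdict = "unexpected_host"  # destination is not the expected service
        else:
            verdict = "ok"
        findings.append({"href": href, "text": text, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for finding in inspect_links(SAMPLE_EMAIL_HTML):
        print(f"{finding['verdict']:16} {finding['href']}")
```

The `text_mismatch` verdict is the one the training page is really about: the email shows a plausible meeting URL, but hovering (or parsing) reveals a different destination. The `unexpected_host` verdict is weaker evidence on its own, since legitimate mail carries links to other services too, which is why the lesson pairs URL inspection with checking the calendar.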
To follow along step by step, you’ll need Hook Security’s Phishing Simulator. If you aren’t a Hook Security customer, you can get a free trial here.
To get started, navigate to Tests / Campaigns > Create Campaign.
This will open the Campaign Wizard. The Campaign Wizard is the central location where you can configure individual simulated phishing tests or campaigns which contain multiple tests to be executed at the time of your choosing.
At each step of the campaign wizard, when you click the "Save & Next" button, the state of your campaign configuration will be saved, and you will be able to continue editing where you left off at a later time.
Here’s a quick outline of the process we’ll follow:
- Initial Campaign Setup
- Course Auto-Enroll (optional)
- Choosing the Phishing Template
- Target Selection
- Verify & Run Test
The first step in configuring a campaign is the Campaign Setup stage. Here you will give your campaign a name, choose the group or groups for testing, and schedule simulated phishing emails for sending.
1. Campaign Name: Choose a name for the campaign. We recommend naming your campaigns descriptively, e.g., "Zoom Call May 2021".
2. Groups: Select the group or groups that you wish to test. If you select multiple groups for testing, you will not be able to omit individual targets in the groups being tested. However, you will still be able to exclude targets using filter parameters at the Target Selection stage.
If you select a single group, you will have the option of choosing individual targets or the entire group. If you wish to select targets from a group for testing, make sure to select "Yes" on the respective select switch.
3. Courses: Switch course auto-enrollment on or off for failing targets. If this is on, targets that fail the simulated phishing test will automatically be enrolled in the courses of your choosing. If this option is enabled, it will reveal the Course Auto-Enroll step in the campaign creation wizard.
4. Admin Notifications: This switch allows you to configure notifications when test targets record actions on simulated phishing emails. For example, you can be notified when targets fail tests. When the option is on, a new form will appear where you can configure the notifications.
- Email Alerts: In this select menu, you can choose the frequency of email alerts; daily, weekly, monthly, or quarterly.
- Recipients: Specify email addresses that will receive alert emails, separated by commas.
- Note: DO NOT PUT SPACES IN THIS FIELD.
- Webhook URL: Specify a URL where you would like the Webhook response to post.
5. Target Notifications: This option allows you to send pass or fail notifications to targets being tested at the end of the campaign.
6. Frequency: Specify whether you would like the test to run one time or repeat in the future, the number of repetitions, and how often you would like the test to recur. For the purposes of our campaign, we’ll go with a one-time test.
7. Start Date, Time, & Timezone: Specify a starting date, time, and timezone for the test to begin. Click the calendar or clock icons for an interactive graphical date/time picker widget.
8. Sending: This section contains options related to how you would like the simulated phishing emails to be sent.
- If the "Send all emails when the test campaign starts at 'x' per hour" option is checked, then emails will be scheduled to send at the rate specified in the "per hour" field. The emails will be scheduled to send evenly distributed over the hour, per hour, until all the emails in the test have been sent. The default is for 1000 emails to be sent per hour, and the minimum is 25 emails per hour.
- If the "Send 'x' emails per target over 'y' Business days/weeks/months" option is checked, then the emails will be scheduled to send randomly on the days and hours that you specify. Click the clock icons to view an interactive time picker widget and set the business hours, and check or uncheck the boxes associated with the days of the week that you would like emails to send. The "'x' emails per target" number represents the number of templates you want to send to a target per test; you will need to select the same amount of email templates that you specify in this field for each repeated test.
- Note: If the test is scheduled to begin on a day of the week that you do not wish to send emails, emails will not start sending until a day that you have specified for sending. This is also true for repeated tests. If a start date occurs on an off day, the emails will not send until a selected day of the week has been reached.
9. Track Activity: Specify how long you would like to track activity after all of the emails have been sent. The default, and recommended minimum, is one week. After the period specified here ends, the test will no longer track actions on phishing emails.
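To make the two sending options concrete, here is an added example that models them (this is not Hook Security's scheduler; it is illustrative code written for this walkthrough). The default of 1000 emails per hour and the minimum of 25 per hour come from the step above; the exact rules for evenly spacing the fixed-rate option, for rolling an off-day start forward to the next selected weekday, and for drawing random times within business hours are assumptions, and only the "business days" unit of the second option is modeled, not weeks or months. The start date, groups and business hours used in the demo functions are constructed.

```python
"""Model of the two sending schedules described in the Campaign Setup step.

Added example, not Hook Security's code. The rate limits (default 1000/hour,
minimum 25/hour) come from the walkthrough; the concrete scheduling rules are
assumptions used to show how the options behave.
"""
import random
from datetime import datetime, time, timedelta

DEFAULT_PER_HOUR = 1000
MIN_PER_HOUR = 25

# Constructed demo inputs: the campaign is set to start on a Saturday so the
# off-day behaviour is visible. Monday is 0 and Sunday is 6 (datetime.weekday()).
START = datetime(2021, 5, 1, 9, 0)          # Saturday, 1 May 2021
WEEKDAYS = {0, 1, 2, 3, 4}                  # Monday to Friday
BUSINESS_OPEN = time(9, 0)
BUSINESS_CLOSE = time(17, 0)
DEMO_TARGETS = ["target-a", "target-b", "target-c"]


def schedule_per_hour(start, num_emails, per_hour=DEFAULT_PER_HOUR):
    """Option 1: send everything from the start time at a fixed hourly rate.

    Emails are spaced evenly over each hour until all have been scheduled.
    """
    if per_hour < MIN_PER_HOUR:
        raise ValueError(f"rate must be at least {MIN_PER_HOUR} per hour")
    gap = timedelta(seconds=3600 / per_hour)
    return [start + i * gap for i in range(num_emails)]


def business_days(start, num_days, allowed_weekdays, close_time):
    """The first num_days dates on or after start whose weekday is allowed.

    A start on an off day rolls forward to the next allowed day, matching the
    note in the walkthrough. A start after closing time skips the start date.
    """
    day = start.date()
    if start.time() >= close_time:
        day += timedelta(days=1)
    days = []
    while len(days) < num_days:
        if day.weekday() in allowed_weekdays:
            days.append(day)
        day += timedelta(days=1)
    return days


def _seconds_of_day(t):
    return t.hour * 3600 + t.minute * 60 + t.second


def schedule_per_target(start, targets, emails_per_target, num_business_days,
                        allowed_weekdays, open_time, close_time, seed=None):
    """Option 2: spread x emails per target randomly over y business days.

    Each email lands on a random allowed day in the window, at a random time
    inside business hours (never before the campaign start). Returns
    {target: [send times sorted]}.
    """
    rng = random.Random(seed)
    days = business_days(start, num_business_days, allowed_weekdays, close_time)
    open_s, close_s = _seconds_of_day(open_time), _seconds_of_day(close_time)
    plan = {}
    for target in targets:
        times = []
        for _ in range(emails_per_target):
            day = rng.choice(days)
            lo = open_s
            if day == start.date():           # first day: not before the start time
                lo = max(open_s, _seconds_of_day(start))
            offset = rng.randint(lo, close_s - 1)
            times.append(datetime.combine(day, time()) + timedelta(seconds=offset))
        plan[target] = sorted(times)
    return plan


def demo_hourly():
    """100 emails at 50 per hour: one every 72 seconds, finishing inside two hours."""
    return schedule_per_hour(START, 100, per_hour=50)


def demo_per_target():
    """2 emails per target over 5 business days, Mon-Fri 09:00-17:00."""
    return schedule_per_target(START, DEMO_TARGETS, 2, 5, WEEKDAYS,
                               BUSINESS_OPEN, BUSINESS_CLOSE, seed=7)


if __name__ == "__main__":
    hourly = demo_hourly()
    print(f"fixed rate: first {hourly[0]}, last {hourly[-1]}")
    for target, times in demo_per_target().items():
        print(target, [t.strftime("%a %Y-%m-%d %H:%M") for t in times])
```

Running the demo shows why the note about off days matters: although the campaign "starts" on Saturday 1 May, no randomly scheduled email can land before Monday 3 May at 09:00, and the five-business-day window runs through Friday 7 May.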
Once you have finished the Campaign Setup stage, be sure to click "Save & Next" to move to the next step of campaign configuration.
If you enabled course auto-enrollment during the Campaign Setup stage, the next step is configuring course auto-enrollment.
The course auto-enroll step allows you to auto-enroll targets into selected courses based on their failure type on a group-by-group basis. Each row represents a different group that is being tested. If you have selected courses on the Edit Group page, these will be prepopulated for you here.
For our Zoom campaign, we’re going to provide instant training on the landing page itself, so we’ll skip this step.
The next step in creating a campaign is selecting the phishing email templates you intend to use to test targets. You can add custom templates you have built or edited in your account, or you can use pre-made templates from the Portal template library.
This is where we select the Zoom template.
Click on the Template Library and search “Zoom”.
Next, select the template titled Zoom Meeting Invite.
Once you click on the “get” button, you’ll be brought to a screen where you can review and add edits to the phishing template and training page template.
You can configure tons of settings here, including the email info like the subject and ‘from name’, and set tracking settings.
You can also make edits to the training page here.
By default, this training page is ready to go, and even includes a training video that references this exact email!
After configuring the email templates you wish to use for the Campaign, click "Save & Next" to move to the next stage of the campaign wizard.
The target selection step can be quick: if you didn’t turn on “Select Individual Targets” in the campaign setup, all targets will already be selected and you can move straight on to the next step.
Otherwise, you can individually select targets here.
After selecting and editing targets as desired, make sure to click "Save & Next" to save your changes and move to the next step.
Verify & Run Test
This is the final stage of campaign creation. In this step, you are prompted to authorize any domains that have not been authorized for testing, and you are given the option of reviewing the test configurations.
1. Domain Info: This section lists the domains being tested and, in their respective columns, the accounts and groups each domain is associated with.
2. Domain Authorization Emails: Enter the name and email address of the person(s) who will be authorizing the tests in their respective fields. Once domains have been authorized for testing, tests will begin as scheduled.
3. Group Targets: Click the arrow to expand the Group Targets information section. This section displays the group(s) being tested and the number of targets in each group, respectively.
4. Campaign Tests: Click the arrow to expand the Campaign Tests information section. The Campaign Tests section will display every test in the campaign, the sending method, start date, end date for email send, end date for data collection, and total test length.
5. Templates Used: Click the arrow to expand the Templates Used section. This will display all the phishing email templates being used in the tests and the from email address of the template.
After you have reviewed your tests and templates and submitted the authorization emails for the domains you are testing, click the "Finish!" button to schedule the tests. The test(s) will begin on the dates scheduled once all domains have been authorized for testing.
You did it!
Alright, you’ve done it! Time to watch the emails go out and the results come in.
If you need any assistance setting up this campaign, shoot an email over to firstname.lastname@example.org and we’ll help you out!
If you’re not a Hook Security customer and would like to try this out yourself, get a free trial here.
And, as always…
Stay aware out there!