Knowledge Base

How to create a phishing campaign for Webroot Security Awareness Training

  • 14 June 2019
  • 0 replies
  • 363 views
How to create a phishing campaign for Webroot Security Awareness Training
Userlevel 3
Badge +15
Phishing campaigns are an important part of Security Awareness Training and enable Administrators and Security Consultants to send customized simulated phishing messages to users. Phishing campaigns can be configured to direct tricked users to educational courses and infographics, a customized lure page or a broken link page. There are a variety of reports that can be used to help evaluate how effective the campaign was, once the campaign completes.

More detailed information on creating campaigns, including screenshots, is available in the User Guide.

Before setting up a phishing campaign, it is best practice to setup the email domain(s) and import the targets (or users).

Creating a phishing campaign:
1. Log into the Webroot Management console.
2. Open the Security Awareness Training console.
3. From the left hand navigation menu click New Campaign, which opens the Starting a Campaign page.
4. Under Phishing Simulation, click the Start a new simulation link, which opens the New Campaign Wizard page.
  • 5. In the Simulation Basics screen:
  • Provide a Simulation Name.
  • Provide a Description.
  • Optional step. Click Show Advanced Options to change start date, randomize delivery options, set the expiration (stop) date, set notification options and option to enable target email address anonymization.
  • Click Save Simulation to proceed.
6. Click Save/Next to open the Simulation Wizard: Unlaunched page.
7. The Targets screen displays.
Targets are where the simulation messages are sent.
Check the boxes for the targets to include in this phishing simulation, click Save/Next to proceed.
8. The Design Phishing Email screen displays.
  • Click the drop-down menu under Email Template to see a list of all the templates available. Typing in this box will filter the results.
  • Select a template to view it. If the template is adequate and can be used for the campaign as loaded, click Save/Next to use that message for the campaign.
Note: For more information on customizing email templates, click here.
9. The Design Phishing Site screen displays. Here you will decide to direct the users to an Education Page, a Lure Page or a Broken Link.
  • Education page: Used to direct tricked targets to training modules or customizable educational infographics.
  • Lure Page: Lure pages are optional and used to an add extra web landing page after a user clicks an email lure and before you take the user to education or a broken link page.
  • Broken Link: A Broken Link page is a page that displays what looks like a broken website, similar to a 404 page.
  • Use Site Type selection bar to select Education Page, Lure Page or Broken Link. Customize the page selected, click Save/Next to proceed.
10. The Review and Launch screen displays.
  • Test it using the orange Send test to email address button in the top right part of the screen to send a test message to the same email address used to verify the domain.
  • Launch the phishing campaign using the green Launch Simulation button in the top right part of the screen.

Click a topic below for more information:
Programs and Campaigns - explained
How to create a training campaign
How to create a program
Working with email messages
How to verify domains and load targets
How to use tags
Reports available
How to setup notifications

This topic has been closed for comments