How to run phishing assessments with web training?

In order to run a phishing assessment with web training, please follow the steps below:

  1. Login to Security Center.
  2. Click Phishing & Awareness Training > Assessments> +Start new assessments.
  3. Under General information enter the following:
    • Name: the name of the assessment, e.g. Assessment all staff July 2017 .
    • Owner: select the owner of the assessment.
    • Starts on: select the date and time when the send out will be done and the assessment is started.
    • Timezone: select the timezone.
    • Privacy:
      • Anonymize collected user data: select if sendout should be anonymous. 
      • Do not track severity and risk trend for recipients: select if tracking should be disabled. 
    • Assessment duration: the duration for the assessment. After the number of days have passed the assessment is closed and no more statistics are collected.
  4. Under Phishing Sendout make the following settings:
    • Phishing sendout:
      • Template: select the template for the assessment.
      • Duration: the duration for the assessment. After the number of days have passed the assessment is closed and no more statistics are collected.
    • Frequency:
      • All emails at once: this setting will send out all emails at once. 
      • Distributed over time period: this setting will let you select a distribution period for when the emails will be sent.
        • Distribution period(min): this setting needs to be greater than or equal to 30 or less than or equal to 10080 (one week) 
      • In batches: this setting will let you select if the emails will be sent in batches on a set time.
        • Batch size: the amount of recipients in the batch that will be sent.
        • Sent every (min): how often the emails will be sent
  5. Under Recipients make the following settings:
    • All: select this option if you want the assessment to target all recipients in the system. 
    • Custom recipients: select this option if you want the assessment to target a specific group of recipients. Under Tags select the groups you want to target,
    • Under Exclude you can exclude specific recipients and groups by doing the following:
      • Recipients: select specific recipients to exclude.
      • Tags: select specific recipients to exclude.
  6. Under Awareness Training: make the following settings:
    • Awareness training: Awareness training is an automated education when it's activated each recipient will be invited to during the assessment. The content of the training can be tailored to each user based on the user's actions in the phishing sendout.
      It’s important to setup a SPF record before the assessment is launched.
      Read how this is done here  
    • Check the box if you want to Include web training outcome when calculating risk score
    • Click Add new training session:
      • Under Setup: choose Web training.
    • Under Start Conditions:
      • Set the Start delay to when you want to send a phishing training session -  - by default it’s 0 days
        (NOTE! Max duration + start delay shouldn’t be longer than the duration of phishing sendout)
        • Start 0 days after any activity was performed. (To start the web training in 0 days after the recipients have clicked on the email)
        • Start after 0 days. (To start the web training in 0 days even if the recipients has not clicked on the email)
        • You can also skip the Web training session when the max duration is reached.:
    • Under Reminders:
      • Do not send any reminders to recipients who have not finished this training session.
      • You can also send one or multiple reminders to recipients who have not finished this session after receiving the invite.
        • you can send a reminder after e.g. 2 days.
        • and also send an additional reminder for e.g. 3 days for a max amount of e.g. 2 times.
  7. Under Notifications you can enable notifications before and after the assessment.
  8. Click OK.
  9. Done!
Have more questions? Submit a request


Please sign in to leave a comment.