Mimecast Awareness Training: Managing Phishing Campaigns

Document created by user.oxriBaJeN4 Employee on Sep 27, 2018Last modified by user.oxriBaJeN4 Employee on Aug 20, 2019
Version 13Show Document
  • View in full screen mode

This guide describes how administrators can manage phishing campaigns as part of the optional phishing extension. It allows you to simulate phishing attacks and send them to groups of users as part of a campaign. To do this you need to create a:

  • Email template to send to users.
  • Phishing campaign.


Phishing Configuration


To use the phishing extension, the following configuration is required:

  • Select the "Enable Phishing" option in your company settings. See the Configuring Administration Preferences page for full details.
  • For MimeOS customers, all phishing notification emails are sent to the postmaster email address specified in the "Notification Postmaster Address" option of your account settings. A default address is created on each Mimecast account, but to prevent messages from this address being blocked by your firewall:
    • Ensure the required email address is specified in your account settings. See the Your Mimecast Account Settings page for further information.
    • Add the URL of the phishing campaign's landing page to your firewall's whitelist.


Email Templates


Phishing Templates

We provide a number of default single and multiple page email templates for you out of the box. These cannot be changed, but you can create your own custom template if they don't meet your requirements (see below).


To list your phishing email templates:

  1. Click on the Phishing toolbar button.
  2. Your templates are automatically displayed in the Email Templates tab. These are grouped into the following sections:
    • Single page templates
    • Multiple page templates
    • Custom templates
Click on the View Email link at the end of the template's summary to display a preview of the email that will be sent as part of the phishing campaign.

Creating a Custom Template


If you can't find a template that meets your requirements, you can copy one of the single page templates and modify it or create your own custom template. Our multiple page templates can't be copied.

If you require a localized version of a template in a language that is unsupported by a campaign (e.g. Polish), create a copy of the template complete with the translated copy.

To create a custom template:

  1. Either click on the:
    • Copy button to the right of a Single Page Template.
    • Create Template button in the Custom Templates section.
  2. Complete the Create Custom Template dialog as follows:
    If a single page template has been copied, the dialog is already completed with its details but can be changed as required.
    Field / OptionDescription
    Display TitleSpecify a name to identify the template. If the template has been copied, "- copy" is added as a suffix to the existing name.
    SubjectSpecify the subject displayed in the email sent to users.
    From EmailSelect an email address from the drop down list. This is the sender address that users see when they receive the phishing email.
    KeywordSpecify a keyword that is appended to the source email address (e.g. "<keyword> <from email>").
    Email TemplateUse the text editor to amend the email template. This must include:
    • [rawlink] to link to the Ataata phishing campaign landing page. While this exists inside our platform, you can include an embedded link to your own company website that opens in a new window when clicked.
    • [tracklink] must be located at the end of the template, to enable the phishing statistics to be captured.
  3. Click on the Create button.


Changing a Custom Template


To change a custom template:

  1. Click on the Edit button to the right of the custom template.
  2. Update the Template as required.
  3. Click on the Update button.

Phishing Campaign Actions


Deleting a Custom Template


To delete a custom template:

  1. Click on the Delete button to the right of the custom template.
  2. Click on the Sure? button to confirm the deletion.


Phishing Campaigns


Creating a phishing campaign requires you to have:


Listing campaigns

To list your phishing campaigns:

  1. Click on the Phishing toolbar button.
  2. Click on the Campaigns button.
  3. Optionally click in the Locale drop down and select a language to filter the campaign list to those configured for a specific language. A value of "All Locales" displays all campaigns regardless of their language.


Creating a Phishing Campaign


To create a phishing campaign:

  1. Click on the Campaigns button.
  2. Click on the Add Campaign button.
  3. Complete the Create Campaign dialog as follows:

    Field / OptionDescription
    NameSpecify a name for the campaign (e.g. Quarterly Solicitation Survey).
    OptionsThis controls the number of templates you can select in the "Templates" field:
    • Random Templates: You can select more than one template in the "Templates" field, which are randomly used to send the phishing email to users.
    • Non-Random Templates: You can only select one template in the "Templates" field.
    LanguageSelect a language from the drop down list to translate any of the default single or multiple page email templates. Custom email templates aren't translated.
    TemplatesSelecting Multiple Phishing TemplatesEither select the:
    • Template to be used when sending the phishing email, if the "Non-Random Templates" option is selected.
    • Templates to be used when sending the phishing email, if the "Random Templates" option is selected:
      1. Click in the tick box to the left of the templates. As they're selected, they are displayed in the field as a comma separated list.
      2. Click outside the drop down to complete the rest of the dialog.
    Group NameSelect the user group from the drop down who'll receive the phishing email.
    Launch DateSpecify a start date for the campaign, by clicking in the field and selecting a date from the calendar.
    From Email

    Select the email address from the drop down list that will be substituted for a template's default email address. Select the "Use Default Templates" option if you'd prefer to use the template's default email source address. 

    Scheduling TimezoneSelect the time zone that the phishing campaign starts within on the specified launch date.
  4. Click on the Create button.


Changing a Phishing Campaign


If a phishing campaign hasn't started, you can change it:

  1. Click on the Edit button to the right of the campaign.
  2. Change the Campaign as required.
  3. Click on the Update button.


Deleting a Phishing Campaign


If a phishing campaign hasn't started, you can delete it:

  1. Click on the Delete button to the right of the campaign.
  2. Click on the Confirm button in the confirmation dialog.


See Also...