This article contains information on creating and managing phishing campaigns in Mimecast Awareness Training, including prerequisites, campaign setup, options, tracking, staggered scheduling, test campaigns, and viewing campaign statistics.
- Local Groups are only available for Email Security Cloud Gateway.
- Email Security Cloud Integrated uses the Directory Group.
Prerequisites
To create a Phishing campaign, you need to have:
- An email template to send to users. See Managing Phishing Templates.
- A group of users to send the campaign to.
It is recommended that each user email address be present in a Mimecast Local Profile Group, or Directory Group.
Sending a campaign to a Distribution List is not recommended, as the Distribution List is treated as an individual email address. Campaign results will be aggregated for the Distribution List email address and not for the users that are part of it.
Creating a Phishing Campaign
You can create a Phishing campaign, by using the following steps:
- Log in to Mimecast Awareness Training.
-
Navigate to Phishing Training | Campaigns.
- Click on Add Campaign.
-
Complete the Create Campaign dialog as follows:
| Field / Option | Description |
| Name | Specify a name for the campaign (e.g. Quarterly Solicitation Survey). |
| Test Campaign | Mark the campaign as a Test Campaign, by toggling this to on. See Creating a Test Campaign, below. |
| Phishing Indicators Landing Page | Enable Phishing Indicators Landing Page, when creating a Campaign with indicators. |
| Options |
This controls the number of templates you can select in the Translated Templates field:
• Random Templates: You can select more than one template in the
Templates field, which are randomly used to send the phishing email to users. |
| Language | Select a language from the dropdown list to translate any of the default single or multiple page email templates. Custom email templates aren't translated. |
| Templates |
Either select the:
• Click in the tick box to the left of the templates. As they're selected, they are
displayed in the field as a comma-separated list.
The list contains all single page, multiple page, and custom templates (including those created as email templates, and those automatically created via de-weaponized phishing attacks via the SAFE Phish logs. |
| Landing Page |
Select which
Landing Page
the end user will see if they click on the email template(s) link. Choose from: • Standard (Default) Landing Page. • Custom Landing Pages shown in the dropdown are based on the language selected. |
| Launch Date | This allows you to select a date and time for Phishing Campaigns by using a date/time picker. The time zone defaults to your local time zone. |
| Send Using Direct Message Injection | Send the campaign using Direct Message Injection, by toggling this to on. See Direct Message Injection, for more information. |
| From Email |
Select the email address from the drop-down list that will be substituted for a template's default email address. Select the "Use Default Templates" option if you'd prefer to use the template's default email source address. If the Use Direct Message Injection option is in use, this becomes a free typing field for the Administrator to enter any email address. |
| Campaign Duration (In Days) | You can stagger your campaign across up to 30 business days. |
| Campaign Tracking Duration (In Days) | This is an optional field that allows you to determine the duration for which the system tracks user clicks on phishing simulations after the sending period ends. You can select a date range of 5, 10, 15, 30, or 45 days. It defaults to 45 days. |
| Selected Group(s) |
Specify the user group(s) that will receive the phishing email by searching for and selecting up to 50 Local or Active Directory groups.
|
Creating a Campaign with Phishing Indicators
You can create a campaign using Phishing Indicator Landing pages using the following steps:
- Log in to Awareness Training.
- Navigate to Phishing Training | Campaigns.
- Click Add Campaign.
- With this feature enabled, you can choose to view only Random or Non-Random Templates associated with the indicators. Once activated, the landing page dropdown will display only phishing indicator landing pages:
- Click create.
-
Launch the campaign by clicking the
icon.
- After the campaign launches, any user who opens and clicks the phishing template will be redirected to the phishing indicators landing page:
Phishing Campaign Actions
You can carry out actions on Phishing Campaigns, by using the following steps:
- Login to Mimecast Awareness Training.
-
Navigate to Phishing Training | Campaigns.
- You can use the Send Now
- This action is only available for Phishing Campaigns that have not launched.
- If a campaign is scheduled, the Send Now button should be available until the time the campaign is scheduled to go out.
- When clicked, this places the campaign into a processing queue, and overwrites any duration set (resets to one day), for the campaign.
Emails are sent in a staggered release, within an hour.
- You can use the More options "︙" menu button to carry out the following actions:
-
- Edit: Use this option to update Phishing Campaign details, then click on Update to save changes.
This action is only available for Phishing Campaigns that have not launched, and show a status of Pending.
The Edit option opens a fly-out menu, allowing you to amend fields including:
- Launch Time: This allows you to select a date and time for the Phishing Campaign, by using a date/time picker. The time zone defaults to your local time zone.
-
Campaign Tracking Duration: This is an optional field that allows you to define how long the system tracks user clicks on Phishing simulations after the sending period ends. You can select a date range of 5, 10, 15, 30, or 45 days.
You can choose a tracking period that starts after the last Phishing email is sent. This period will combine the Campaign duration and the selected tracking duration, ensuring comprehensive click data collection. -
Clone: This option provides you with the ability to clone an existing Phishing Campaign, making it easier to set up similar Campaigns with minimal adjustments.
The cloned Campaign will inherit all settings from the original, including the Campaign name, language, and template selection, providing consistency across similar Campaigns.
The start and end dates will not be cloned, and you will need to set these manually. - Deactivate: This option enables you to pause or stop an active Phishing Campaign immediately, and you will be prompted to confirm you wish to proceed with this action, to avoid unintended deactivations.
• This action is only available for Phishing Campaigns that have been Launched.
• Once a Phishing Campaign has been deactivated, the action is permanent and cannot be undone.
• The Edit option will be disabled both via the More options "︙" menu button and via the API, to prevent any further modifications.
-
- Delete: Use this option to delete a Phishing Campaign in its entirety from the Campaign queue. You will be prompted to confirm that deleting the campaign will also delete all corresponding data.
Once a Phishing Campaign has launched, deleting a campaign will cause you to lose all corresponding data associated with that Campaign. This action cannot be undone.
Staggered Phishing
You can select a period of up to 30 days in which to target phishing campaigns. Logic is built in to remove weekend days automatically and the messages are sent between 08:00 and 16:00 according to the jurisdictional grid.
While the campaign is pending, administrators will have the opportunity to check campaign information via the campaigns table, and there will be an additional column highlighting the campaign duration in days. Users who have not yet received the simulation will show a SCHEDULED status.
Viewing Campaign Statistics
Once a campaign has been launched, you cannot edit it, but you can view its statistics, by clicking on a campaign. This includes:
- Summary graphs of the number of users who've opened the phishing template or clicked on its link.
- A detailed list of the users who've opened the phishing template or clicked on its link. From this list, you can:
- Export Data to an XLSX file by clicking on the Export Data button. The file is saved to your browser's download location. You can filter the columns displayed in the campaign analytics. The export honors all filters and exports filtered user data.
- Create a group to send another phishing campaign to by:
- Clicking the Tick Box to the left of the required users.
- Clicking on the Create Groups button.
- Providing a Group Name in the dialog.
- Clicking on the Create Group button.
Creating a Test Campaign
Test Campaigns allow you conduct testing of allowlisting and other functionalities within Mimecast Awareness Training, without affecting organizational and individual user data.
You can create a Test Campaign, by using the steps above and enabling Test Campaign, using the toggle:
- The Test Campaign toggle can only be used when creating a campaign; once a Test Campaign has been created, the toggle is disabled, you can not revert it.
- If you choose to Clone a Test Campaign, you will be able to amend the status of the Test Campaign toggle.
Test Campaigns are clearly identifiable in the Campaigns page, as they're shown on a separate Test Campaigns tab:
If an End User clicks on a Test Campaign, the results are captured and reported on a campaign basis, and are visible from the Test Campaigns tab.
Data from Test Campaigns will not:
- Impact any metrics related to Risk Scoring (including organizational and individual risk scores).
- Be displayed in the Campaigns section of the Phishing Training Dashboard.
- Impact Reports via Reporting & Insights.
Comments
When using the “Send now” button, which for some reason is not included on this page, I am given a message stating "This places the campaign into a processing queue and overwrites any duration set for the campaign. Emails are sent in a staggered release within an hour."
Does this make it completely ignore any duration I have set the campaign to (for example, 5 days)? Why can it not just run the 5 days I had initially set in the campaign settings?
Thank you for your feedback, we have reviewed the article and updated it.
The article still says this for Send Now: “When clicked, this should honor all the other configured settings, apart from the scheduled date; the duration configured for the campaign isn't affected.”
Yet, when we click Send Now, we see: "Are you sure?
This places the campaign into a processing queue and overwrites any duration set for the campaign.
Emails are sent in a staggered release within an hour."
---
Which is it? Is the duration configured for the campaign not affected or is the duration overwritten?
Hi Preston,
May thanks for your feedback, I've updated the article to clarify this behaviour.
Please sign in to leave a comment.