With Lupasafe, you can create every phishing email you think of. Some of our best phishing emails are about:
- Change of salary scale
- Confirm your assistance to... (Christmas event, employees´ dinner, meeting next week...)
- Change in holiday policy
- Attached the documents you asked for
- Complaint of a client/vendor/donor
1. Whitelist.
Whitelist the following three email addresses to make sure the email reaches your employees' inbox:
phtest1@luminarywebtech.com
phtest2@luminarywebtech.com
phtest1@crestfallenconsulting.com
phtest2@crestfallenconsulting.com
Whitelist also our domain: IP 45.82.191.25.
Whitelist also the sender, if you do use a sender outside your own company, for example: ´security@hubspot.com´
You could make a message rule that forces spam status always on "not spam" , this way you ensure that our emails gets right into the inboxes of your employees (and not in the spam folder).
If the phishing still lands into spam, please click here for our detailed guide on how to deliver phishing messages into the inbox.
2. Inform your colleagues and stakeholders about the upcoming phishing.
The whole idea of a phishing test is that employees can recognize and avoid phishing in the future. The training is therefore not about catching people making a mistake (no “us versus them”), but about creating a learning moment for employees. In our experience, this works best when employees are informed in advance. They often forget this after one day, but it leads to employees not feeling 'tricked in' afterwards.
Template email for colleagues (English)
Template email for colleagues (Dutch)
Important: do you use a colleague´s name, an external brand or contact person for the phishing? Communicate this with stakeholders to avoid unpleasant situations or unexpected phonecalls from worried or upset partners.
3. Create the phishing email in the portal
Watch the video to see how you create a phishing email in the portal
Rather read?
Go to ´employees´ and ´phishing templates´. Click on ´Add new template´.
Enter a subject line and (optional) a category (if you want to re-use the template)
Good subject lines are:
Confirm your attendance to ...
Important new policy updates on ...
Please review ....
Urgent ...
You can guard this template under categories like business, personal, healthcare, notary, etc. This is only for your own convenience.
Toggle the button at the bottom of the page if you want to use this template for all your clients.
Type a message
- Type a message. Personalize the message by using the {firstname} or {lastname} . This will be replaced by the user´s first name or last name in the email. Use the {link_url} to refer to the landingspage:
<a href="{link_url}">Click here to.... </a>
Note: always use the {link_url}, the phishing clicks will be collected via this url.
Choose a landing page
You can use the standard phishing e-learning
Employees will see the phishing microlearning in their own language.
You can also create your own landing page by selecting ´I want to create a custom template´.
Create a custom landing page
Preferably, create a container where your employees have to enter their email addresses and passwords. Remember never to store passwords, this can create a data leak!
You can also import a web page by clicking on the green button and entering a login page you´d like to use.
4. Save, test and send the campaign
After saving the template, go back to ´Phishing´ on the left hand menu and click on ´instant campaign´ and follow the steps to send out the custom campaign.
BEFORE YOU GO, DOUBLE CHECK:
1. Have the correct addresses been whitelisted?
2. Test the email. Does the email arrive in the recipient's inbox (and not in spam)?
3. Has the phishing campaign been announced among colleagues? Do they know who to report to?
3. Have the parties involved (department(s) involved, management, IT, external parties) been informed?
4. Do all links and forms in the phishing email and landing page work?
5. Does the landing page have a clear message?
6. Have agreements been made about reporting to management?
7. Is the phishing followed up with training or a new phishing test for continuous employee training?