Core concepts
Before we dive into the Phishing module, let’s take a moment to understand its core concepts: Softwares, Scenarios & Campaigns.
During the module configuration, you’ll be invited to assign Softwares to your users. With elba you can test your users with the softwares they use on a daily basis, for instance Asana, Google, Notion…
For each Software, there are many Scenarios available; a Scenario is a phishing email. For instance, for the Airtable software, there are many scenarios available: “Password expiration”, “Workspace invitation”, “New notification on document”... When you assign a given Software to a group of users, elba will send them all selected Scenarios.
How will elba send the scenarios? That’s where Campaigns come in. Our phishing module works on auto-pilot, which means that, on a regular basis (for instance every month), all users will receive a phishing scenario. We call these regular simulations campaigns. For every campaign, scenarios will be picked among the selected softwares and randomly sent to users; the scenarios won’t be sent all at once, but gradually, over a few days, based on your configuration.
Assigning softwares to users
The first thing to do is to assign software to your users. You can assign a software to all your users or to one or many specific groups; all synchronized users from the selected group will receive phishing scenarios. To learn more on how to create groups, see here.
Can’t find a software? We’ve got you covered. You can request softwares and we’ll create scenarios for you!
Now it’s time to select the scenarios that should be sent to your team. During this step, you’ll be able to customize scenarios with variables. There are three types of variables:
- Automated variables: this customization leverages user data (their first name, the name of your company…)
- Random variables: another type of automated variable, but one that is randomly selected for each user (for instance, the name of a random colleague)
- Custom variables: it’s up to you to set the content of this variable (for instance it could be a client name, the name of your CFO…)
Setting up the program
Now you’re almost set up. You only need to define the frequency of campaigns and the starting date of your program. Upon launch, at the selected date, synchronized users will start receiving campaigns.
You’ll then have to grant the required scopes for the Phishing module to work. The emails are inserted directly into your users’ mailboxes via API, so they can bypass email clients’ spam filters.
Our fake login pages are hosted on a new domain every month, so users can’t get used to the same domain over and over. This helps maintain a high standard of testing for your teams. If you use additional spam filters and want to allow-list our domains, please ask us for the list of domains for the coming months.
User experience
Now that your first campaign has started, what will the experience look like for your users? Let’s take a look at this Airtable test.

If the user clicks on “Reset password”, they’ll arrive on the fake Airtable login page.

If the user enters their credentials and clicks on Sign in, they will be warned that it was a phishing test from elba and offered a 2-minute course on how to detect phishing attempts.
Important note: elba does not access nor store any password entered by users.
Users will then have access to the track record of all phishing tests that have been sent to them in their personal dashboard.
Monitoring your campaigns’ progress
Ok great, now users have started receiving tests, and you can monitor their progress in real time.
A quick overview of the test lifecycle - the tests might be:
- Scheduled: the test is scheduled but hasn’t been sent yet
- Ongoing: the test was sent to the user less than 3 days ago and has not been failed so far; this buffer period prevents a sent test from being immediately considered a “success” while the user has not even seen it in their mailbox
- Failed: the user has opened the test, clicked on the link and entered their credentials in the fake login page
- Success: the user has not entered their credentials in the fake login page after the 3-day buffer period, or as soon as they have reported the email
You can also have a granular view of your users’ behavior by filtering by “Actions”; these actions can be:
- Link clicked: user has clicked on the link contained in the scenario
- Data submitted: after having clicked on the link, user has entered their credentials in the fake login page
- Email reported: user has reported the email as a suspected phishing attempt (only for the Gmail email client - see below)
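
The lifecycle and action rules above, written out as a small classifier for exported test records. This is an added example, not elba’s code or API: the record keys (`sent_at`, `clicked_at`, `submitted_at`, `reported_at`) are hypothetical, and it assumes a credential submission counts as a failure even when the email was also reported.

```python
from collections import Counter
from datetime import datetime, timedelta

BUFFER = timedelta(days=3)  # buffer period described above

def status(test, now):
    """Lifecycle status of one test record (dict with hypothetical keys)."""
    if test.get("sent_at") is None:
        return "Scheduled"
    if test.get("submitted_at"):
        # Assumption: a credential submission always counts as a failure,
        # even if the user also reported the email.
        return "Failed"
    if test.get("reported_at"):
        return "Success"  # reporting ends the test immediately
    if now - test["sent_at"] < BUFFER:
        return "Ongoing"  # too early to count an unanswered test as a success
    return "Success"

def actions(test):
    """Actions recorded for a test, using the filter names above."""
    names = (("clicked_at", "Link clicked"),
             ("submitted_at", "Data submitted"),
             ("reported_at", "Email reported"))
    return [label for key, label in names if test.get(key)]

def summarize(tests, now):
    """Count statuses; the failure rate covers finished tests only."""
    counts = Counter(status(t, now) for t in tests)
    finished = counts["Failed"] + counts["Success"]
    rate = counts["Failed"] / finished if finished else 0.0
    return dict(counts), rate

# Constructed sample records (not real campaign data).
NOW = datetime(2024, 5, 10, 9, 0)
DAY_AGO = NOW - timedelta(days=1)
SAMPLE = [
    {"user": "a", "sent_at": None},
    {"user": "b", "sent_at": DAY_AGO, "clicked_at": NOW - timedelta(hours=2)},
    {"user": "c", "sent_at": DAY_AGO, "clicked_at": NOW - timedelta(hours=5),
     "submitted_at": NOW - timedelta(hours=5)},
    {"user": "d", "sent_at": DAY_AGO, "reported_at": NOW - timedelta(hours=1)},
    {"user": "e", "sent_at": NOW - timedelta(days=9),
     "clicked_at": NOW - timedelta(days=8)},
]

if __name__ == "__main__":
    print(summarize(SAMPLE, NOW))
```

A click without a submission (users b and e) never fails the test on its own; it only shows up under the “Link clicked” action.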

Dashboard
The goal of the Phishing module is to help your team get better over time. With our dashboard you can have a comprehensive view of your team’s progress, with key metrics to assess your organization’s phishing protection.

Phishing report button
Note: for now this feature is only available for Gmail email clients. Stay tuned, it will arrive on Microsoft as well!
In your Phishing module settings, you can activate the “Phishing report” feature. This will add an elba add-on in your users’ Gmail mailboxes and will allow users to report suspicious emails. If the email comes from elba, the user will be alerted; if not, they will be prompted to report it to you as soon as possible.