New for QuickHelp Partner Licenses, the new Multi-Tenant Phishing Campaign allows you to run a Phishing Campaign on all child accounts under your parent account. When a Multi-Tenant Phishing Campaign is kicked off, emails are sent out in batches of 30 emails per minute at each company selected to participate in the campaign.
Prerequisites
To create a Multi-Tenant Phishing Campaign you must have:
- A Partner License for QuickHelp.
- The parent account needs to have Threat Defense enabled.
- Both the partner account and child accounts must have a Sending Profile set up.
- Customer cannot be in Sandbox mode.
- Email templates, landing pages, and feedback pages must be created.
Setting Up the Phishing Campaign
- Click the +New link in the bottom left corner.
- Select Campaign > Simulated Phishing > Campaign > Multi-Tenant. This will bring up the Multi-Tenant Campaign Wizard.
- Give your campaign a name. This name will only be visible to admins. Then select the phishing type and the email, landing page, feedback page, and subdomain you would like associated with this campaign. Click the arrow to continue. Tip: It's helpful to add the date to your campaign's name to keep your campaigns organized. For example: "15Sept2021 Amazon Phishing"
- Next, you'll input a name and email address to appear as the sender for the phishing email.
- Enter a Reply To Email (optional)
Note: This allows you to route replies to an internal email rather than escalating emails to the sender. This email will only be visible to the end-users if they reply. - Enter a Reply To Name (optional)
Tip: Put a name that is familiar to users to create a more legitimate-looking email. - In the Target Customers section, click the Browse button. A window will pop up and you'll select which Child Customers to include in your campaign. After checking the boxes next to each Child Customer you'd like to include in this campaign, click the check box in the right corner to return to the wizard.
- Input the TIME ZONE, START DATE (date and time), SEND BY DATE (date and time) you'd like to use for the campaign. Note: To avoid sending issues, emails will be distributed between the Start and Send By dates. The Send By Date will pre-populate with the estimated time needed to safely send to all targeted users, but you can extend as desired. You should not, however, change the date/time to anything earlier than the default.
- Click the right arrow in the right corner to move to the last step of the wizard.
- Next, you will set up what remedial training you would like to have users signed up for. First, select a trigger type from the dropdown.
Tip: It's recommended you select Submitted as the trigger type. It is the most accurate indicator that the user fell for the phishing scam and indicates that the user did submit information as requested in the phishing email. Clicks are only 75-80% accurate as sometimes clicks are from security bots. Opens are generally inaccurate as emails can register as "Opened" when scrolling on a mobile device.
NOTE: Group will be automatically generated and will be named by the Trigger Type and Campaign Name, for example, "Submitted 15Sept2021 Amazon Phishing". This cannot be altered/changed
- Click the Browse button to select Skill Paths or Assets you would like to enroll users in. Click the plus in the Action Column to add. You may repeat steps 7-10 to add multiple triggers which will enroll users in different Groups. Click the minus symbol in the Action column to remove a remedial training trigger.
- You can also check the box that appears beneath a remedial training trigger to assign a due date. Set the due date to be within a set number of workdays from when it is assigned or a calendar date as the training due date.
- Click the checkmark to publish your campaign. Note: Publishing the campaign will also publish any email template, landing page, and feedback page associated with this campaign that are unpublished.
Managing a Published Multi-Tenant Phishing Campaign
You can view or make changes to your existing campaigns by clicking on Campaigns > Simulated Phishing > Campaigns and then click on the name of the campaign you wish to view/edit. For more details on settings found here, see the Modify a Threat Defense Campaign article.