Send A Baseline Phishing Test

To start your first phishing email simulation, make sure to whitelist the IP address of the testing tool.

This makes sure that employees will receive the email.

When crafting your first simulated phishing email don’t make it too easy or too hard.

You should also remember your audience.

If your coworkers are not heavy users of social media, then it probably wouldn’t be a good idea to use a fake LinkedIn password reset phishing email. The tester email has to have enough broad appeal that everyone in your company would have a reason to click.

Some examples of phishing emails with broad appeal could be:

• A company-wide announcement
• A shipping notification
• A “COVID” alert or something relevant to current events

Just remember the psychology of how the message will be taken by your audience before hitting send.

Continue with Monthly Emails

Continue to send phishing training emails to your employees. Make sure that you are slowly increasing the difficulty over time to increase people’s skill levels.