Automate phishing simulations

Find out how you can continually test users for their vulnerability to phishing with AutoPhish.

Micke Ahola avatar
Written by Micke Ahola
Updated over a week ago

In order to be effective, training and testing should continue throughout the year. With regular phishing simulations, your users will be primed to always stay on the lookout for suspicious emails in their inboxes.

In this article, you'll learn:

How to automate phishing simulations with Auto Phish

Step One - Find the Auto Phish settings

In the top menu, hover over uPhish and click Configure Auto Phish

Step Two - Turn on Auto Phish

Toggle the 'Enable Auto Phish' button at the top of the page.

Step Three - Select the timing of the simulations

You will need to choose the frequency of the automated simulation emails, as well as whether they send during working hours.

  • How many weeks between simulations - This setting configures the time between the first and last simulated email in a campaign. All Auto Phish emails will be sent at random times during this period, after which the simulation begins again.
    For example, if you set the interval to be eight weeks, every user will receive one simulated phishing email on average every eight weeks.

  • Only send between working hours - This setting determines whether the simulated phishing emails are sent only during work hours, or at any time. Configure working hours for your platform in the platform settings.

Step Four - Select recipients

You can exclude user groups at this stage to prevent them from getting automated phishing emails.

Step Five - Select Domains

You can use this box to select which domains you'd like to be used by your automated phishing simulations - or leave it empty to allow any uPhish domain to be used.

Step Six - Set language preferences

You can choose to restrict templates to ones available in your Preferred Content Language (you can set this in your Language settings). You can also choose to add any languages you wish to be used for Auto Phish in the selection box.

NOTE: If you enable the Restrict Templates to your Preferred Content Languages(s) setting or choose one or more Preferred Template Language(s), only templates that match your chosen languages will be selected for your Auto Phish simulations, even if you include templates from other languages with template filtering.

Step Seven - Select templates

uPhish contains a large library of phishing templates. For Auto Phish, you can pick and choose which you want to include - or just exclude the ones you don't want.

NOTE: Templates you choose to allow will only be selected for your simulations if they match your language settings. Please ensure that any templates you wish to use are in line with the language settings in the previous step.

How to select templates for your automated phishing simulations

You will want to ensure that only templates that your users will recognise are used in your automated phishing simulations. If templates are from another region or in another language, they won't accurately engage how likely your end users are to engage in realistic phishing attempts.

On the Auto Phish page, you can choose which templates are included in your automated simulations by selecting to either include or exclude a list of templates.

If you want to include only your chosen templates:

  • Set 'Template Filtering' to 'Include Certain Templates'

  • Choose which templates you want to include

  • Ensure that the languages your chosen templates are in match your Preferred Content Language(s) or the Preferred Template Language(s) if you have language restriction settings enabled

If you want to exclude certain templates:

  • Set 'Template Filtering to 'Exclude Certain Templates'

  • Choose which templates you want to exclude

How to select domains for your automated phishing simulations

There are a wide variety of domains available in uPhish. Selecting the right domains to be used in your automated phishing simulations will help ensure that simulations are effective, as you will for example be able to rule out regional domains that are not applicable to your end users.

Selecting domains to be used by Auto Phish is also essential if you use Advanced Delivery (the preferred allow-listing method in M365) as Advanced Delivery limits your allow-listing to 20 domains. You should ensure the 20 domains set up in Advanced Delivery match the 20 domains you choose in Auto Phish.

To select domains to be used by Auto Phish:

  1. Find the Auto Phish page under uPhish

  2. Add your chosen domains to the Domain Allow List

  3. Click Save at the bottom of the page

How to send out inline training to users compromised in Auto Phish simulations

Users who become compromised in their phishing simulations require extra training to ensure that they know how to keep themselves and your company's data safe in the future.

You can easily configure automatic inline training to users who become compromised in Auto Phish simulations at the bottom of the Auto Phish configuration page.

Simply select the subject of the course you wish to enrol users on, and pick out your selected course from the list below before saving your settings.

  • We recommend you to use the Phishing Micro Training course under the 'Custom' subject

Next steps

Did this answer your question?