Phishing

SecurityIQ, AwareEd, and PhishSim User’s Manual, Pt. 7: Account Settings

Darren Dalasta
December 21, 2016 by
Darren Dalasta

Objectives

Once you have completed this section, you will be able to:

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.
  • Apply custom branding to your SecurityIQ portal
  • Set the default education asset used in PhishSim Templates
  • Add custom domains to be used for sending PhishSim notifications
  • Enable the suppression of footers in PhishSim emails (Enterprise version only)
  • Customize PhishNotify Plugin messages
  • Select the default domain used for sending AwareEd learner notifications
  • Add additional administrators to your SecurityIQ portal
  • Download email logs

Overview

The SecurityIQ platform can be customized in many ways. This section describes how to manage the customizable options available to SecurityIQ administrators.

1

Figure: Account Setting Page

Branding

Many areas of SecurityIQ can be branded to include your organization's logo, name, and color scheme.

To display a custom logo on SecurityIQ pages, education assets, and email notifications:

  • From the main menu, click your name at the right side of the screen
  • Click “Change Branding” in the branding section
  • Click “Use Custom Logo” in the Logo section
  • Click “Choose File”
  • Select a jpg image file with dimensions between 420x420 and 1280x1280 pixels
  • Click “Save”

To modify the background color of SecurityIQ pages:

  • From the main menu, click your name at the right side of the screen
  • Click “Change Branding” in the branding section
  • In the Background Color section, choose your desired color. The background of the Branding section will update in real-time so you can easily determine how the color will look.
  • Once you have chosen a color, click “Save”

To preview your branding changes:

  • From the main menu, click your name at the right side of the screen
  • Click “Change Branding” in the branding section
  • In the preview section, click the “Binocular” icon to the right of the item you wish to preview

To update the name which is displayed on SecurityIQ pages, education assets, and email notifications:

  • From the main menu, click your name at the right side of the screen
  • Update the “Customer Name” in the User Information section
  • Click “Save” at the bottom of the page

 

2

Figure: Change Branding Page

PhishSim Settings

PhishSim Email Templates will display a default education module if one isn’t specified when the template is created.

To change the default PhishSim Education Module:

  • From the main menu, click your name at the right side of the screen
  • Click the “Gear” icon to the right of Default Education in the PhishSim section
  • Select the desired education asset to be used as the default education for PhishSim templates
  • Click “Save”

To suppress the footer from being included in PhishSim emails (Enterprise version only):

  • From the main menu, click your name at the right side of the screen
  • Click the “Gear” icon to the right of My Domains in the PhishSim section
  • Click the “Suppress Footer” checkbox to the right of the domains you would like to enable this feature for
  • Click “Save”

PhishNotify Plugin Settings

To modify the configuration of the PhishNotify plugin:

  • From the main menu, click your name at the right side of the screen
  • Click the “Gear” icon to the right of Messages and Behavior in the PhishNotify section
  • To enable uploading of message contents when a user reports a suspicious message, click the checkbox to the right of “Upload Email Contents” in the Email Options section
  • To enable uploading of email attachments when a user reports a suspicious message, click the checkbox to the right of “Upload Email Attachments” in the Email Options section
  • If you wish to move an email after it has been reported, select the appropriate action from the dropdown box in the Email Actions section
  • To customize the messages displayed to the learner after they have reported a potentially suspicious email, update the text in the appropriate section
  • Click “Save”

AwareEd Settings

To add custom domains to be used for sending AwareEd notification emails:

  • From the main menu, click your name at the right side of the screen
  • Click the “Gear” icon to the right of My Domains in the PhishSim section
  • In the new window that appears, click the “Add Domain” button
  • Enter the domain you wish to use
  • Click “Save”

To select a default domain to send AwareEd notification email from:

  • From the main menu, click your name at the right side of the screen
  • Click the “Gear” icon to the right of “Send notifications from” in the AwareEd section
  • Select the desired domain and click “Save”

Add Additional Administrators

To invite a new administrator to manage your SecurityIQ portal:

  • From the main menu, click your name at the right side of the screen
  • Click “New Administrators” in the Account Administrators section
  • Enter the email address of the person you would like to share administrative access with
  • Click “Add”

Download Email Logs

To download a log of all email sent from SecurityIQ to your learners in the past seven days:

  • From the main menu, click your name at the right side of the screen
  • Click “Download Log” from the Email Log section.

 

Supplementary

Template Variables

 

Variable Description Subject Email Body

http://phish.io (or any URL) in a hyperlink All URLs used in hyperlinks (i.e., in an “<a href=’...’>” clause) will automatically be replaced by a “phish.io” link that allows the system to track your learners’ clicks and present them with a specific landing pages. (Some paid tiers of service allow you to customize these landing pages further.) Hyperlinks are only supported in the BODY of a message. No Yes

{{footer}} Provides a block of text that explains that this email is not spam, that it is a service of our system and that you specifically requested the test. Also provided in the text are links to report this message as phishing, unsubscribe and “report as spam”. This block of text looks similar to other legal “boilerplate” often appended to email messages by corporate email servers and usually ignored by end users. However, it is REQUIRED on all messages, both to keep our system legal, and to give eagle-eyed recipients a way to positively tell the system that they recognized your phishing message and were not fooled. This variable is only supported in the BODY of a message. No Yes

{{learner}} Provides the first and last name of the learner with a space in between the names. Example: “John Smith”. Note: this value may be blank if this value was not configured. This variable is supported in all message fields. Yes Yes

{{learner_first}} Provides the first and last name of the learner. Example: “John”. Note: this value may be blank if this value was not configured. This variable is supported in all message fields. Yes Yes

{{learner_last}} Provides the first and last name of the learner. Example: “Smith”. Note: this value may be blank if this value was not configured. This variable is supported in all message fields. Yes Yes

{{learner_email}} Provides the email address of the learner. Example: “jsmith@email.com”. This variable is supported in all message fields. Yes Yes

{{learner_title}} Provides the title of the learner. This variable is supported in all message fields. Yes Yes

{{learner_department}} Provides the department of the learner. This variable is supported in all message fields. Yes Yes

{{learner_phone}} Provides the phone number of the learner. This variable is supported in all message fields. Yes Yes

{{learner_address1}} Provides the address of the learner. This variable is supported in all message fields. Yes Yes

{{learner_address2}} Provides the address of the learner. This variable is supported in all message fields. Yes Yes

{{learner_city}} Provides the city of the learner. This variable is supported in all message fields. Yes Yes

{{learner_state}} Provides the state of the learner. This variable is supported in all message fields. Yes Yes

{{learner_zip}} Provides the zip code of the learner. This variable is supported in all message fields. Yes Yes

{{learner_country}} Provides the country of the learner. This variable is supported in all message fields. Yes Yes

{{learner_custom}} Provides the custom field of the learner. This variable is supported in all message fields. Yes Yes

{{customer}} Provides the name of your account (not the learner). Yes Yes

{{customer_email}} Provides the email associated with your account (not the learner). Yes Yes

 

Get six free posters

Get six free posters

Reinforce cybersecurity best practices with six eye-catching posters found in our free poster kit from our award-winning series, Work Bytes.

 

Darren Dalasta
Darren Dalasta

Darren Dalasta is an accomplished digital strategist and growth marketing leader with almost 20 years of experience in SEO, demand generation and product management. Darren leads growth marketing strategy at Infosec, where he focuses on implementing scalable digital strategies that generate sales-ready leads, shorten the time-to-purchase journey and reduce churn. Previously, Darren ran digital marketing at WhitePages.com where he doubled search traffic for the company’s Top 50 global site and was among one of the first 100 Google Adwords Qualified Professionals. He joined Infosec in 2010 and has since grown the marketing team from one staff person to 18. Darren holds a Bachelor of Science in Marketing from University of Wisconsin-Madison and lives in the Pacific Northwest where he spends as much time in the mountains as possible.