PhishTrainer - Help

1. Introduction to PhishTrainer

1.1. What is PhishTrainer and why use it?

PhishTrainer is a platform designed to strengthen your organization's cyber resilience. At the heart of its mission is raising awareness and training your employees to deal with phishing (Luring Attack) threats, an attack technique commonly used by cybercriminals to steal sensitive information.

The tool simulates controlled phishing attacks by sending fake, but realistic, emails to your employees. By observing their reactions (opening the email, clicking on a link, submitting information on a fake page), PhishTrainer allows you to:

  • Assess the level of vigilance of your teams against this type of threat.
  • Identify specific training needs within your organization.
  • Measure the effectiveness of your cybersecurity awareness programs over time.
  • Reduce risks related to human errors, which are often the cause of security breaches.

Using PhishTrainer means investing in a proactive approach to educate your employees, transform them into an active first line of defense, and ultimately protect your company's informational assets.

1.2. Key Concepts and Phishing Terminology

To use PhishTrainer effectively, it is helpful to understand some fundamental terms:

  • Phishing (Luring Attack): A fraudulent technique aimed at obtaining confidential information (credentials, passwords, banking information) by posing as a trusted entity via email, instant messaging, or other electronic means.
  • Phishing Simulation: Controlled sending of fake phishing emails for educational and assessment purposes, with no real risk to recipients or the organization.
  • Awareness Training: The process of informing and training employees to help them recognize threats and adopt good behaviors.
  • Target: An employee or collaborator designated to receive a simulation email as part of a campaign.
  • Group (of targets): A set of targets grouped (by department, function, etc.) for a specific campaign.
  • Phishing Email (template): A fake email template used for the simulation.
  • Landing Page: A web page to which a target is redirected if they click on a link in a simulation email. It can be educational or simulate a login page.
  • Campaign: A planned operation of sending simulation emails to one or more groups of targets, using a defined scenario (email + landing page).
  • Click Rate: The percentage of targets who clicked on a link in the simulation email. This is a key indicator of vulnerability.

1.3. Our Commitments: Client-Side Encryption Architecture and Hosting in Switzerland

The trust and security of your data are at the heart of our concerns. PhishTrainer is based on strong commitments:

  • Client-Side Encryption Architecture: PhishTrainer is compatible with this advanced security principle. For customers who choose this option, it means that potentially sensitive data from simulations (for example, information entered on fake forms, or the name, first name, and email of targets) is encrypted in such a way that only you, as the customer, possess the decryption key. PhishTrainer does not have access to this data in clear text, ensuring maximum confidentiality.
  • Development and Hosting in Switzerland: The tool is entirely developed in Neuchâtel, Switzerland. Furthermore, all data you entrust to PhishTrainer is stored exclusively on servers located in Switzerland. This ensures that you benefit from a strict legal and regulatory framework regarding data protection.

1.4. Who is PhishTrainer for?

PhishTrainer is designed for organizations of all sizes wishing to improve their security posture. Typically, PhishTrainer users within a company are:

  • Information Systems Security Managers (ISSM / CISO): To assess risks, justify security investments, and track behavioral improvements.
  • IT and security teams: To conduct campaigns, analyze technical results, and adapt protection measures.
  • Human Resources (HR) and training departments: To integrate phishing awareness into employee training programs and track their progress.
  • Management: To get a clear view of the level of risk associated with phishing and the effectiveness of actions taken.

1.5. Overview of the Main Interface

The PhishTrainer interface is structured to offer you intuitive navigation and quick access to essential features. Although details may evolve, you will generally find:

  • A Dashboard: Displaying a summary of recent activities, key statistics from your latest campaigns, and shortcuts to common actions.
  • A "Campaigns" section: To create, manage, launch, and track the status of your phishing simulations.
  • A "Groups and targets" section: To manage your employee lists (targets), organize them into groups, and import new targets.
  • An "Email Phishing" section: To access and manage your phishing email templates.
  • A "Landing Pages" section: To access and manage your landing pages.
  • A "Results" or "Reports" section: To analyze in detail the performance of your campaigns and the activity of each target.
  • An "Administration" section: To manage your account settings, sending profiles, platform users, and specific features like webhooks or IMAP configuration.

We encourage you to explore these different sections to familiarize yourself with all the possibilities offered by PhishTrainer.

2. Getting Started and Basic Configuration

This section guides you through the first essential steps to start using PhishTrainer, from creating your account to managing access for your team members.

2.1. Account Creation and First Login

Before you can launch simulations, you must have a PhishTrainer account which, for security reasons, is opened only by the bexxo service.

Once you have obtained your credentials:

  1. Access the PhishTrainer platform login URL.
  2. Enter your credentials in the fields provided for this purpose.
  3. During your first login, you may be prompted to enter your main encryption key if you have opted for the "Client-Side Encryption" architecture.

You will then access the main dashboard of the application, the starting point for your activities on PhishTrainer.

2.2. Configuring your User Profile

Each PhishTrainer user has a personal profile. It is recommended to check and complete your profile after your first login. This section generally allows you to:

  • Modify your personal information.
  • Change your password for security reasons.

To access your profile, look for the profile icon at the top right of each page.

2.3. Managing Organization Users (including roles and permissions)

PhishTrainer is designed for collaborative use. If you have administrative rights, you can manage access for the different members of your organization to the platform.

Adding new users:

To invite a new collaborator to use PhishTrainer, you will need to provide their professional email address. A crucial element when creating a user is assigning a role. The roles ("Administrator", "User", "Reader") define the user's permissions, that is, the actions they will be authorized to perform in the application (create campaigns, manage targets, view reports, etc.).

During creation, security options may be available, such as:

  • Forcing the user to define a new password during their first login.
  • Creating the account in an initially "locked" state.

Managing existing users:

The user management section also allows you to modify an existing user's information or role, reset their password (if you are an administrator), or disable or even delete their account if they are no longer part of the organization or no longer need to access PhishTrainer.

Rigorous management of users and their rights is a guarantee of security and efficiency in the use of the platform.

3. Preparing a Campaign: The Key Elements

Before you can launch a phishing simulation, several elements must be prepared and configured. They constitute the fundamental building blocks of your future campaigns. This section details the management of your target lists, the creation of phishing emails, the design of landing pages, and the configuration of sending profiles.

3.1. Managing Groups and Targets

"Targets" are the people (usually your employees) you want to raise awareness among via your simulations. To organize these targets, PhishTrainer uses a system of "groups". A group can represent a department, a location, a seniority level, or any other relevant criterion for your campaigns.

Creating a group:
The first step is to create a group, usually giving it a descriptive Name to identify it easily (for example, "Accounting Department" or "Q2 New Hires").

Adding targets:
Once a group is created, you can add targets to it in two main ways:

  • Manually: For each target, you will typically enter their name, first name, position, and especially their Email address, which is essential for sending the simulation. This method is suitable for occasional additions or small lists.
  • By Import: To save time with a large number of targets, PhishTrainer generally allows you to import a CSV file. You will prepare a file containing your targets' information, then import it directly into the desired group. This is the recommended method for large lists.

A target can belong to several groups, offering flexibility in segmenting your campaigns.

3.2. Managing Phishing Emails

The phishing email is the main vector of your simulation. Its content and appearance are decisive for the realism of the campaign.

Library and Templates:
PhishTrainer provides a library of ready-to-use phishing emails (templates). You can use them as is or duplicate them to adapt them to your specific needs. These templates cover various scenarios and languages.

Creating a custom email:
You can also create your own emails from scratch. During creation, you will define:

  • An internal descriptive Name for your email template.
  • Categorization elements like a simulated "Brand", a "Language", or "Tags".
  • The Email Subject as it will appear to targets.
  • The From address (or displayed sender name) to reinforce credibility.
  • The email body, using HTML and plain text editors. The HTML editor allows for rich formatting, with a live preview and the ability to import HTML code. A text version is also crucial for deliverability.
  • Optionally, you can add fake attachments to simulate certain types of attacks.

Customization and Best Practices:
To increase effectiveness, you can customize emails with variables (like the target's first name) using the dropdown list. It is crucial to follow best practices: realistic content, appropriate tone, absence (or intentional and controlled presence) of errors, clear call to action, etc.

3.3. Managing Landing Pages

The landing page is the web page to which a target is redirected if they click on a link contained in a simulated phishing email.

Library and Templates:
Just like for emails, a library of landing page templates is available, allowing you to choose or adapt existing models (fake login pages, alert messages, etc.).

Creating a custom page:
To create your own landing page, you will give it an internal Name and can categorize it (Brand, Language, Tags). The page content is then built using an HTML editor, allowing you to insert text, images, fake forms, and control its appearance through a live preview or the ability to import HTML code.

Types of pages:

  • Informative/Educational: Immediately displays a message explaining to the target that they clicked on a simulated link and gives them advice.
  • Data Collection (simulated): Mimics a login page or form to observe if the target attempts to submit information. It is crucial to note that PhishTrainer is designed to simulate this action, with the management of potentially entered data being framed by campaign options and security principles like the "Client-Side Encryption" architecture.

3.4. Managing SMTP Sending Profiles

A sending profile contains the technical (SMTP) parameters necessary for PhishTrainer to send simulation emails from an address you control or via preconfigured bexxo servers.

Usage and creation:
PhishTrainer can offer pre-existing sending profiles to simplify starting up. You can also configure your own SMTP profiles for increased control over the sender and deliverability.

When configuring a custom profile, you will need to provide:

  • A Name to identify this profile.
  • SMTP server information: Server address, Port number.
  • Login credentials (Username and Password) if your SMTP server requires authentication.
  • The type of secure connection (SSL/STARTTLS).
  • The sender's email address and the name that will be displayed.
  • Optionally, custom headers can be added for specific technical needs.

Testing the profile:
Once a profile is configured, it is essential to test it. A test function allows you to send a test email to verify that all parameters are correct and that emails can be routed correctly.

4. Creating and Launching a Simulation Campaign

Once your target groups, email templates, landing pages, and sending profiles are ready, you can orchestrate them to create and launch a phishing simulation campaign. This is the step where all the preparatory elements come to life.

4.1. Creating and Configuring a New Campaign

Creating a campaign involves assembling the different components you have configured and defining the simulation's modalities.

The typical process for creating a new campaign involves the following steps:

  • Naming the campaign: Give a clear and meaningful name to your campaign to easily find and analyze it (e.g., "Q1 Simulation - Sales Department - Fake Invoice").
  • Selecting the elements:
    • Choose the target Group(s) that will receive this simulation.
    • Select the Phishing Email template to send.
    • Associate the Landing Page to which targets will be redirected.
    • Define the Sending Profile (SMTP) to use for sending emails.
  • Configuring sending and tracking parameters:
    • You choose a Domain Name to use for phishing links, as well as the Format of these links for more realism.
    • An option to redirect to a specific "best practices" page is available after an interaction.
    • You decide if you want to enable tracking of image loading in the email (useful for estimating open rates).
  • Defining privacy and collection options:
    • Choose if campaign results should be anonymized (target actions are recorded without their names being directly visible in detailed reports, thus preserving privacy).
    • Determine if information potentially entered by targets on landing page forms should be "memorized" (this option should be used with caution and in accordance with your privacy policy and the principles of the "Client-Side Encryption" architecture if activated).
  • Scheduling the launch:
    • Set the Launch Date for your campaign.
    • A progressive sending option may be available to spread out the email sending over a given period rather than all at once.

Before finalizing, an important function is offered: the possibility to send a test email. This allows you to receive the simulation (at a test address that you define) as a target would see it, and thus verify the entire configuration (email appearance, link functionality, landing page display).

4.2. Verification, Launch, and Monitoring of a Campaign

Final verification:
Before launching a large-scale campaign, take a moment to review all the parameters you have configured. An error (a wrong group, a mistake in the email) can compromise the results or the credibility of your simulation.

Launch:
Once everything is verified, you can launch the campaign. If you have scheduled a launch date, the campaign will start automatically at the scheduled date and time. If the launch is immediate, emails will begin to be sent shortly after your validation.

Monitoring ongoing campaigns:
After launching, you can track the status of your campaign from the PhishTrainer interface. You will see information on the progress of the sending, and the first statistics will begin to appear as targets interact with the emails. During this phase, you sometimes have the option to stop a campaign if a problem is detected.

4.3. Duplicating an Existing Campaign

To save time and ensure consistency in your simulations, PhishTrainer allows you to duplicate an existing campaign. This feature is particularly useful if you wish to:

  • Relaunch a similar simulation at regular intervals (for example, every quarter).
  • Use a previous campaign as a base model for a new simulation, modifying only a few parameters (for example, changing the target group or the phishing email).
  • Perform A/B tests by creating two versions of a campaign with a single minor variation.

When you duplicate a campaign, most of its parameters (email, landing page, options) are copied. You will need to define a new name for the duplicated campaign and verify/adjust the launch date and target groups.

5. Analysis of Campaign Results

Once your phishing simulation campaign is completed (and even during its progress), analyzing the results is a crucial step. It allows you to measure the effectiveness of your awareness action, identify vulnerability points, and guide your future training actions.

5.1. Consulting the Dashboard and Understanding Key Statistics

PhishTrainer provides you with a results dashboard for each campaign. You will find a summary overview with key performance indicators that reflect the behavior of your targets:

  • Emails sent/delivered: Indicates the total number of emails that were technically routed to targets.
  • Open rate: Percentage of targets who opened the simulation email. This rate can be estimated, for example, by the loading of an invisible image (pixel tracker) if this option was activated in the campaign.
  • Click rate: Percentage of targets who clicked on at least one link contained in the phishing email. This is a major indicator of your users' vulnerability to phishing.
  • Data submission rate: If your landing page included a fake form (to simulate a request for credentials, for example), this rate indicates the percentage of targets who attempted to submit information.
  • Reporting rate (Report): If you have configured the IMAP reporting feature, this (very positive) rate measures the percentage of targets who correctly identified and reported the phishing email to the dedicated address.

These global statistics give you a first assessment of the impact of your campaign and the general level of awareness.

5.2. Detailed Analysis by Target and Actions

Beyond the global figures, PhishTrainer allows you to examine the individual behavior of each target, unless the option to anonymize results was activated for the campaign. This finer analysis can reveal specific behavioral patterns.

For each target, you will generally be able to see:

  • If the email was opened.
  • If a link was clicked (and sometimes which one, if there were several).
  • If data was submitted on the landing page.
  • If the email was reported as phishing (via the IMAP function).
  • The time and date of these actions.
  • In some cases, additional technical information such as the IP address (which can give an indication of location) or the type of browser used at the time of the click.

This detailed view, while needing to respect confidentiality and your company's internal policy (especially if the results are not anonymized), helps to identify individuals or departments that could benefit from additional attention or training.

5.3. Filtering, Exporting Reports, and Interpreting Data

To refine your analysis and communicate the results, PhishTrainer generally offers additional features:

  • Filtering results: You can apply filters to focus on specific segments of your data, for example, display results for a particular target group, or compare behaviors according to different criteria.
  • Exporting reports: It is possible to export data in CSV formats. This allows you to perform more in-depth analyses with your own tools, keep a history, or prepare presentations for management or the teams concerned.

Interpreting data:

Interpreting the results is key. Here are some leads:

  • High click or submission rates indicate a general need to strengthen awareness.
  • Notable differences between groups may suggest targeted training actions.
  • Comparing the results of successive campaigns over time shows you the evolution of behaviors and the effectiveness of your awareness program.
  • A high reporting rate is an excellent sign: it shows that your employees are becoming proactive in detecting threats.

Remember that the main objective of phishing simulations is education and continuous improvement, not the stigmatization of employees.

6. Specific Features

Beyond the basic features for creating and analyzing campaigns, PhishTrainer offers specific tools to automate certain tasks or to obtain more advanced performance indicators. This section covers webhooks and the configuration of email reporting via IMAP.

6.1. Configuring and Using Webhooks

Webhooks are a way for PhishTrainer to notify other applications in real time when a specific event occurs during a campaign. For example, you could be instantly informed when a target clicks on a link, submits data, or reports an email.

Usefulness of webhooks:

  • Integrate PhishTrainer data with your own information systems (SIEM, reporting tools, etc.).
  • Trigger automated actions in other applications (e.g., create a support ticket, send a notification to a team chat channel).
  • Gain real-time visibility into the progress of your campaigns.

Configuring a webhook:

To configure a webhook, you will generally need to:

  1. Give a Name to your webhook configuration to identify it.
  2. Provide the destination URL: this is the address of the external application that will receive notifications from PhishTrainer. This application must be designed to accept and process the data sent by the webhook.
  3. Define a Secret (a confidential string of characters): This secret is used to secure communication. It allows your destination application to verify that requests are indeed from PhishTrainer.
  4. Activate the webhook so it starts sending notifications.

Once configured, PhishTrainer will automatically send data (often in JSON format) to the specified URL each time the events you have chosen to track occur.
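The receiving side of the secret-based verification described above, as an added example that is not PhishTrainer's own code: the help page does not specify the signature format, so the header names, the HMAC-SHA256-over-body scheme, the timestamp freshness check, and the JSON event names and fields are all assumptions made for this example.

```python
"""Webhook receiver that verifies a shared-secret signature before acting.

Added example, not PhishTrainer's own code. Assumptions (not stated on the
help page): the notification body is JSON, the Secret is the key of an
HMAC-SHA256 over "<timestamp>.<raw body>", the hex digest is sent in the
X-PhishTrainer-Signature header and the Unix timestamp in
X-PhishTrainer-Timestamp. Both header names are hypothetical.
"""
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

SIGNATURE_HEADER = "X-PhishTrainer-Signature"  # hypothetical header name
TIMESTAMP_HEADER = "X-PhishTrainer-Timestamp"  # hypothetical header name
MAX_SKEW_SECONDS = 300  # notifications older (or further ahead) than this are rejected

# Event names and their SIEM severity are assumed for this example.
EVENT_SEVERITY = {
    "link_clicked": "medium",
    "data_submitted": "high",
    "email_reported": "info",
}


def compute_signature(secret: bytes, timestamp: str, body: bytes) -> str:
    """HMAC-SHA256 over "<timestamp>.<raw body>", hex encoded.

    Binding the timestamp into the MAC means a captured notification cannot
    be re-sent later with a fresh timestamp without the secret.
    """
    message = timestamp.encode("ascii") + b"." + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_request(secret: bytes, headers: Dict[str, str], body: bytes,
                   now: Optional[int] = None) -> bool:
    """Return True only if the signature matches and the timestamp is fresh."""
    now = int(time.time()) if now is None else now
    signature = headers.get(SIGNATURE_HEADER, "")
    timestamp = headers.get(TIMESTAMP_HEADER, "")
    if not signature or not timestamp.isdigit():
        return False
    if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
        return False
    expected = compute_signature(secret, timestamp, body)
    # Constant-time comparison so the check does not leak the expected digest.
    return hmac.compare_digest(expected, signature)


def handle_webhook(secret: bytes, headers: Dict[str, str], body: bytes,
                   now: Optional[int] = None) -> Tuple[int, dict]:
    """Process one notification; return (HTTP status, record for the SIEM).

    Verification runs before the body is parsed, so an unauthenticated
    request never reaches the JSON decoder or any downstream action.
    """
    if not verify_request(secret, headers, body, now):
        return 401, {"error": "signature invalid or timestamp stale"}
    try:
        event = json.loads(body)
    except ValueError:
        return 400, {"error": "body is not valid JSON"}
    name = event.get("event")
    if name not in EVENT_SEVERITY:
        # Unknown event types are acknowledged but not acted on, so a new
        # event type on the sender side does not trigger endless retries.
        return 202, {"ignored": name}
    record = {
        "severity": EVENT_SEVERITY[name],
        "event": name,
        "campaign": event.get("campaign"),
        "target": event.get("target"),
        "timestamp": int(headers[TIMESTAMP_HEADER]),
    }
    return 200, record


def sign_notification(secret: bytes, payload: dict,
                      timestamp: int) -> Tuple[Dict[str, str], bytes]:
    """Build the headers and body a sender would emit (used here to construct sample input)."""
    body = json.dumps(payload, separators=(",", ":")).encode("utf-8")
    headers = {
        TIMESTAMP_HEADER: str(timestamp),
        SIGNATURE_HEADER: compute_signature(secret, str(timestamp), body),
    }
    return headers, body


if __name__ == "__main__":
    # Constructed sample: placeholder secret and a fabricated submission event.
    secret = b"constructed-example-secret"
    payload = {"event": "data_submitted", "campaign": "Q1 Simulation", "target": "t-42"}
    headers, body = sign_notification(secret, payload, timestamp=1700000000)
    print(handle_webhook(secret, headers, body, now=1700000010))
```

In a real deployment the handler would sit behind an HTTPS endpoint and the secret would come from a secret store rather than a literal.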

6.2. Configuring Email Reporting via IMAP (IMAP Report)

This advanced feature allows PhishTrainer to connect to a dedicated email inbox (via the IMAP protocol) that you will have set up. The objective is to detect if your targets forward simulation emails they suspect to this reporting address.

If a PhishTrainer simulation email is found in this inbox, it indicates that the target has not only identified the threat, but has also followed the internal reporting procedure. This is a very positive indicator of the cybersecurity maturity of your employees.

Configuring IMAP Report:

To set up this feature, you will need to configure several parameters:

  • Activate the feature.
  • Enter the connection details for your IMAP server: the IMAP Server address, the Port used, as well as the User and Password for the email account dedicated to reporting.
  • Specify the email Folder to monitor (e.g., "INBOX" or a specific folder).
  • Define the Frequency at which PhishTrainer should check this mailbox for new reports.
  • Indicate if the connection should use TLS encryption for added security.
  • Optionally, you might be able to limit verification to emails from a specific domain, ignore SSL certificate errors (to be used with caution), or configure automatic deletion of campaign report emails after they have been processed by PhishTrainer.

Managing the reporting inbox from PhishTrainer:

Once the IMAP connection is established and active, PhishTrainer does not just automatically check for reports. You will also have the ability, directly from the PhishTrainer interface, to interact with messages in this mailbox. You will notably be able to:

  • View the latest emails received in the reporting inbox.
  • Read the content of these emails for review.
  • Mark emails as read once they have been processed or verified.
  • Delete emails from the IMAP mailbox, for example, after a campaign report has been correctly processed or to clean up irrelevant messages.

This integrated management facilitates the maintenance of the reporting inbox and gives you direct control over the messages it contains, without having to connect separately via a traditional email client.

Tracking reports via IMAP significantly enriches the analysis of your campaigns by highlighting the proactive behaviors of your employees.

7. Security, Compliance, and Best Practices

Using a phishing simulation tool like PhishTrainer involves handling data and interacting directly with your employees. It is therefore essential to address the security aspects of the platform, legal compliance, and best practices for ethical and constructive use.

7.1. Understanding Client-Side Encryption Architecture and Data Security

PhishTrainer places paramount importance on the protection of your information.

Client-Side Encryption Architecture:
Our product is designed to be compatible with a "Client-Side Encryption" architecture. For customers opting for this approach, it means that potentially sensitive data collected during a simulation (for example, information a target might have entered on a fake landing page form, if the campaign is configured to store them) is encrypted. The distinctive feature is that you, the customer, are the sole holder of the decryption key. Thus, PhishTrainer, as a service provider, does not have the technical ability to access this specific data in clear text. This mechanism ensures a maximum level of confidentiality and control over your most sensitive information.

Development and Hosting in Switzerland:
PhishTrainer is a solution carefully developed in Neuchâtel, Switzerland. All the data you entrust to us, including campaign configurations, target lists, and aggregated results, are hosted exclusively on servers located on Swiss territory. You thus benefit from the rigor of Swiss data protection laws (DPA) and a strong commitment to the sovereignty of your information.

Standard security measures, such as encrypting communications (HTTPS) and protection against unauthorized access, are also implemented to protect the integrity and confidentiality of the entire platform.

7.2. Recommendations for Ethical and Responsible Use of PhishTrainer

Phishing simulations are a powerful educational tool, but their use must be part of an ethical framework that respects your employees.

  • Communication and Transparency:
    • It is strongly recommended to inform your employees (and/or their representative bodies) about the implementation of a phishing simulation program. Clearly explain the objectives: to improve collective security, to train, and not to trap or punish.
    • It is generally not necessary (nor desirable) to communicate the exact dates and times of campaigns, but awareness of the program itself is important.
  • Educational Objective First and Foremost:
    • Design simulations whose primary goal is to teach. The scenarios should be realistic but adapted to the maturity level of your targets.
    • Ensure follow-up after each campaign, providing explanations, advice, and additional training resources to those who clicked or submitted information.
  • Respect for Privacy and Anonymization:
    • Be aware of data sensitivity, even simulated. Use the option to anonymize campaign results if you want to focus on overall trends rather than individual performance, or if it better suits your company culture.
    • If your campaign is configured to "memorize" data entered on forms (even under "Client-Side Encryption" architecture), ensure you have a clear internal policy regarding access, retention period, and deletion of this information.
  • Proportionality and Choice of Scenarios:
    • Avoid phishing scenarios that could be perceived as excessively stressful, anxiety-inducing, discriminatory, or that touch on highly sensitive personal topics, unless after careful consideration and strict internal validation.
    • Adapt the complexity of the simulations. Perhaps start with more obvious scenarios, then gradually increase the difficulty.
  • Legal Compliance:
    • Ensure that your phishing simulation program complies with current regulations in your country or region regarding the protection of employees' personal data and workplace monitoring (e.g., DPA in Switzerland, GDPR in Europe).

Responsible use of PhishTrainer strengthens your employees' trust and the effectiveness of your cybersecurity awareness program.

8. Help and Support

Even with an intuitive platform like PhishTrainer, questions may arise or technical problems may require assistance. This section guides you to useful resources for troubleshooting common problems and answers frequently asked questions.

8.1. Troubleshooting Common Problems

Here are some of the most frequently encountered problems and tips for resolving them:

  • Emails not delivered or marked as Spam:
    • Carefully check your sending profile (SMTP) configuration.
    • Ensure that the sending domains you use are correctly authenticated (SPF, DKIM, DMARC configurations on your DNS servers). This greatly improves deliverability.
    • Examine the content of your simulation email; certain keywords or types of attachments can trigger anti-spam filters.
    • Add the sender email address to your whitelist.
    • Check if your sending IP addresses are not on blacklists.
  • SMTP Configuration Errors:
    • Scrupulously check the entered information: SMTP server address, port number, username, password, and security type (SSL/TLS). A simple typo can cause an error.
    • Systematically use the sending profile test function offered by PhishTrainer to validate your configuration before launching a campaign.
  • Landing Page inaccessible or incorrect:
    • Check the link generated in the simulation email.
    • Ensure that the landing page is correctly configured and active in PhishTrainer.
    • Rule out network or DNS problems on the target's side (rarer, but possible).
  • PhishTrainer Account Connection Problems:
    • Check that you are using the correct credentials (email address and password). Pay attention to case sensitivity (uppercase/lowercase).
    • Use the "Forgot password" function if available on the login page.
    • Ensure that your user account is not locked by an administrator.

Contacting PhishTrainer Support:
If you cannot resolve a problem despite these checks, or if you need more specific assistance, do not hesitate to contact our support team. You can usually reach us:

8.2. Frequently Asked Questions (FAQ)

We have compiled the questions most frequently asked by our users. Consulting this section may quickly provide you with an answer.

1. What is the main objective of PhishTrainer?

The main objective of PhishTrainer is to help you raise awareness and train your employees about phishing threats. By simulating phishing attacks in a controlled manner, you can assess their vigilance and strengthen their ability to identify and avoid real phishing attempts.

2. Is PhishTrainer complicated to use if I am not a cybersecurity expert?

PhishTrainer is designed to be accessible. Although a basic understanding of phishing is useful, the interface aims to guide the user through campaign creation. Furthermore, this documentation and support are there to help you.

3. Can I use PhishTrainer to send real malicious emails?

Absolutely not. PhishTrainer is a simulation and training tool only. Its use is strictly regulated for educational and ethical purposes, in compliance with the law. Any use for malicious purposes is prohibited.

4. How can I add other users from my company to PhishTrainer?

If you have administrative rights, you can add new users via the platform's user management section, by providing their email address and assigning them a role that will define their permissions.

5. I forgot my PhishTrainer password. How can I reset it?

On the PhishTrainer login page, you will find a "Forgot password?" option or similar. By clicking on it and entering your email address, you can reset your password.

6. Am I obliged to create my own phishing emails and landing pages?

No, PhishTrainer provides you with a library of ready-to-use email and landing page templates that you can use directly or customize. However, you always have the option to create your own from scratch for specific scenarios.

7. How does PhishTrainer send emails? Can I use my own sending domain?

PhishTrainer uses sending profiles (SMTP) to dispatch simulation emails. You can configure the platform to use your own SMTP servers, which generally allows you to use your own domain name and have better control over deliverability. Preconfigured profiles may also be available.

8. How can I prevent my PhishTrainer simulation emails from being blocked as spam?

Several factors influence the deliverability of your simulation emails. To maximize the chances of them reaching your targets:

  • Whitelisting: This is the most effective step. Ask your IT department to whitelist the specific IP addresses or sending domains used by PhishTrainer for your campaigns, so that your filtering systems treat these emails as legitimate and expected. Keep the exception as narrow as possible (the exact sending IPs or domain, never a broad pattern): an over-broad whitelist also lets real phishing through.
  • Sending domain authentication: If you use your own domain for sending, ensure it is correctly configured with SPF, DKIM, and DMARC records. SPF declares which servers may send on behalf of the domain, DKIM signs each message so receivers can verify it was not altered in transit, and DMARC tells receivers what to do with mail that fails both checks.
  • SMTP profile quality: Use a reliable and correctly configured SMTP profile.
  • Email content: Avoid an excess of keywords or techniques often associated with spam (e.g., too many capital letters, unrealistic promises).
  • Sender reputation: Verify that the sending IP addresses are not listed on public blocklists (DNSBLs).
  • Preliminary tests: Always test your sending profiles and the appearance of your emails in different email clients before launching a large-scale campaign.
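As an added example (not PhishTrainer's own code), the following Python script performs the part of the authentication check above that can be done offline: it evaluates whether a given sending IP is authorised by a domain's SPF record, counts the DNS-querying terms that fall under the 10-lookup limit, and flags a DMARC policy that only monitors. The record strings and IP addresses are constructed (RFC 5737/3849 documentation ranges), not PhishTrainer's real infrastructure; DKIM is left out because it cannot be verified without a DNS lookup of the selector. Replace the two constants with the actual TXT records of your sending domain and the IP of your SMTP profile.

```python
"""Offline sanity checks for the SPF and DMARC records of a simulation sending
domain. Added illustration, not PhishTrainer code: records and addresses below
are constructed examples, not PhishTrainer's infrastructure."""
import ipaddress
import re

# Constructed sample records, as they would appear in the domain's DNS TXT data.
SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 include:_spf.mailer.example ~all"
DMARC_RECORD = "v=DMARC1; p=none; pct=100; rua=mailto:dmarc-reports@example.com"

# SPF qualifiers (RFC 7208 section 4.6.2) and the result each yields on a match.
QUALIFIER_RESULT = {"": "pass", "+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that need a DNS query and count towards the 10-lookup limit (section 4.6.4).
DNS_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
_TERM = re.compile(r"^([+\-~?]?)([a-z0-9]+)(?:[:=/](.*))?$", re.IGNORECASE)


def parse_spf(record):
    """Return [(qualifier, name, value)] for every term after 'v=spf1'."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: missing 'v=spf1'")
    parsed = []
    for term in terms[1:]:
        m = _TERM.match(term)
        if not m:
            raise ValueError(f"malformed SPF term: {term!r}")
        qual, name, value = m.groups()
        parsed.append((qual, name.lower(), value or ""))
    return parsed


def spf_check_ip(record, sender_ip):
    """Evaluate an SPF record for one sending IP without DNS.

    Returns pass/fail/softfail/neutral when the record alone decides, or
    'unknown' when an include/a/mx/redirect term that only DNS can resolve
    stands between the IP and the verdict."""
    ip = ipaddress.ip_address(sender_ip)
    dns_dependent = False
    for qual, name, value in parse_spf(record):
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            if network.version == ip.version and ip in network:
                return QUALIFIER_RESULT[qual]
        elif name in DNS_TERMS:
            dns_dependent = True  # match depends on DNS data we do not have
        elif name == "all":
            return "unknown" if dns_dependent else QUALIFIER_RESULT[qual]
    # No 'all' term: RFC 7208 defaults to neutral unless DNS terms decide.
    return "unknown" if dns_dependent else "neutral"


def spf_dns_lookup_count(record):
    """Lower bound on DNS-querying terms; more than 10 yields permerror at receivers."""
    return sum(1 for _, name, _ in parse_spf(record) if name in DNS_TERMS)


def parse_dmarc(record):
    """Return the tag=value pairs of a DMARC record as a dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: missing 'v=DMARC1'")
    return tags


def deliverability_findings(spf_record, dmarc_record, sender_ip):
    """Findings a campaign owner should resolve before launching."""
    findings = []
    verdict = spf_check_ip(spf_record, sender_ip)
    if verdict in ("fail", "softfail"):
        findings.append(f"SPF: sending IP {sender_ip} is not authorised ({verdict}); add an ip4:/ip6: term for it")
    elif verdict == "unknown":
        findings.append(f"SPF: {sender_ip} is not listed directly; authorisation depends on DNS-resolved include/a/mx terms")
    if spf_dns_lookup_count(spf_record) > 10:
        findings.append("SPF: more than 10 DNS-querying terms; receivers will return permerror")
    dmarc = parse_dmarc(dmarc_record)
    policy = dmarc.get("p", "")
    if policy == "none":
        findings.append("DMARC: p=none only monitors; receivers are not told to act on unauthenticated mail")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: invalid policy {policy!r}")
    if int(dmarc.get("pct", "100")) < 100:
        findings.append(f"DMARC: pct={dmarc['pct']} applies the policy to only part of the mail")
    if "rua" not in dmarc:
        findings.append("DMARC: no rua= address, so you get no aggregate reports on who sends as your domain")
    return findings


if __name__ == "__main__":
    for line in deliverability_findings(SPF_RECORD, DMARC_RECORD, "203.0.113.10"):
        print("-", line)
```

With the constructed records the sending IP passes SPF directly, but the script reports that the DMARC policy is still p=none. An "unknown" SPF verdict is not a failure: it means your IP is only covered through an include: term, which the script cannot follow offline; resolve that include: and confirm the IP is listed there before relying on it.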

9. What are the key indicators for evaluating the "success" of a simulation campaign?

"Success" depends on your objectives. A low click rate and a low data submission rate are positive, indicating good vigilance. In addition, a high rate of email reporting (if the IMAP Report feature is active) is an excellent indicator that your employees are actively identifying and reporting threats. The trend of these rates over several campaigns is also a good indicator of progress.

10. Are campaign results anonymous for employees?

PhishTrainer offers an option to anonymize campaign results. If this option is activated during campaign configuration, aggregate statistical reports remain available, but individual actions are not attributable to specific employees in detailed views, thus preserving their privacy.

11. Where is my data hosted with PhishTrainer and is it secure?

All your data is hosted exclusively in Switzerland, which means you benefit from a strict legal framework for data protection. PhishTrainer implements security measures to protect your information, and supports a "Client-Side Encryption" architecture for the most sensitive data collected during simulations.

12. What is the "Client-Side Encryption" architecture mentioned for PhishTrainer?

If the "Client-Side Encryption" architecture is active for your company account, it means that for certain sensitive data (such as information potentially entered by your employees on fake forms, or the name, first name, and email of targets), you, as the client, are the sole holder of the decryption key. PhishTrainer therefore cannot access this data in clear text, ensuring maximum confidentiality.

13. What happens if I lose my decryption key in the "Client-Side Encryption" architecture?

Due to the very principle of the "Client-Side Encryption" architecture, if you lose your decryption key, the data that was encrypted with this key becomes permanently irretrievable, including by our teams. It is therefore absolutely crucial to keep and manage this key in an extremely secure manner: store it in a secrets manager or an offline backup with restricted access, and make sure more than one authorized person in your organization can recover it, so that a single departure or lost device does not lock you out of your own data.

14. Is it possible to be informed in real time of employee actions during a campaign?

Yes, PhishTrainer offers a Webhooks feature. If you configure it, the platform can send automatic notifications to your own systems (such as a SIEM, a team messaging app, or a custom dashboard) as soon as a target opens an email, clicks on a link, or performs another relevant defined action.

15. How does PhishTrainer know if an employee has correctly reported a phishing email?

Thanks to the "IMAP Report" feature. If you configure it, PhishTrainer connects to a dedicated email inbox to which your employees forward suspicious emails. PhishTrainer then checks whether its simulation emails are present there, which indicates a correct report by the employee and credits the report in their statistics. Because employees will also forward genuine suspicious emails to this inbox, make sure your security team reviews the messages that PhishTrainer does not recognize as one of its simulations.
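To make the matching concrete, here is an added Python example (not PhishTrainer's implementation, whose internals are not documented here) of how a report inbox can be matched against a campaign: it parses forwarded messages, both as message/rfc822 attachments and as inline copies where the original headers are lost, recovers a per-target token from the tracked link, credits the target, and separates out forwarded emails that are not simulations. The "rid" link parameter, the "X-Sim-Campaign" header, and all addresses, hosts and tokens are hypothetical constructs for this example.

```python
"""Added illustration, not PhishTrainer code: match forwarded reports against a
campaign. Assumes a hypothetical 'rid' token in the tracked link and a
hypothetical 'X-Sim-Campaign' header; all addresses, hosts and tokens are constructed."""
import email
import email.utils
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import parse_qs, urlparse

SIM_HEADER = "X-Sim-Campaign"              # hypothetical marker header
SIM_LANDING_HOST = "login-portal.example"  # constructed landing page host
REPORT_MAILBOX = "report-phishing@example.com"
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed campaign state as the platform would hold it: token -> target.
CAMPAIGN_TARGETS = {
    "a1b2c3": {"email": "alice@example.com", "reported": False},
    "d4e5f6": {"email": "bob@example.com", "reported": False},
}


def make_simulation_email(token, to_addr):
    """Constructed stand-in for a simulation email carrying a tracked link."""
    msg = EmailMessage()
    msg["From"] = "IT Helpdesk <helpdesk@login-portal.example>"
    msg["To"], msg["Subject"] = to_addr, "Action required: password expiry"
    msg[SIM_HEADER] = "camp-q3-finance"
    msg.set_content(f"Renew now: https://{SIM_LANDING_HOST}/login?rid={token}")
    return msg


def forward_as_attachment(reporter, original):
    """Report where the mail client attaches the original as message/rfc822."""
    report = EmailMessage()
    report["From"], report["To"] = reporter, REPORT_MAILBOX
    report["Subject"] = "FW: suspicious email"
    report.set_content("This looks like phishing, please check.")
    report.add_attachment(original)  # original headers and links are preserved
    return report.as_bytes()


def forward_inline(reporter, subject, quoted_body):
    """Report where the client pastes the body: headers are lost, links survive."""
    report = EmailMessage()
    report["From"], report["To"] = reporter, REPORT_MAILBOX
    report["Subject"] = "FW: " + subject
    report.set_content("FYI\n\n---- Forwarded message ----\n" + quoted_body)
    return report.as_bytes()


def extract_tokens(msg):
    """Collect 'rid' tokens from links to the landing host in any text part."""
    tokens = set()
    for part in msg.walk():  # walk() also descends into message/rfc822 parts
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            parsed = urlparse(url)
            if parsed.hostname == SIM_LANDING_HOST:
                tokens.update(parse_qs(parsed.query).get("rid", []))
    return tokens


def classify_report(raw, targets):
    """'simulation' (known token), 'simulation-unmatched' (only the marker header
    survived) or 'escalate' (not ours: a real suspicious email to triage)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reporter = email.utils.parseaddr(str(msg["From"]))[1]
    known = [t for t in extract_tokens(msg) if t in targets]
    if known:
        return "simulation", known[0], reporter
    if any(SIM_HEADER in part for part in msg.walk()):
        return "simulation-unmatched", None, reporter
    return "escalate", None, reporter


def process_reports(raw_messages, targets):
    """Credit targets whose simulation was reported; return reporters to triage."""
    escalations = []
    for raw in raw_messages:
        kind, token, reporter = classify_report(raw, targets)
        if kind == "simulation":
            targets[token]["reported"] = True
        elif kind == "escalate":
            escalations.append(reporter)
    return escalations


def run_demo():
    """Offline run: two simulation reports (attached and inline) and one real one."""
    targets = {k: dict(v) for k, v in CAMPAIGN_TARGETS.items()}
    bob = make_simulation_email("d4e5f6", "bob@example.com")
    reports = [
        forward_as_attachment("alice@example.com", make_simulation_email("a1b2c3", "alice@example.com")),
        forward_inline("bob@example.com", str(bob["Subject"]), bob.get_content()),
        forward_inline("carol@example.com", "Payroll update", "Confirm at https://payroll-update.invalid/verify"),
    ]
    return targets, process_reports(reports, targets)
```

In a real deployment the raw messages come from the report inbox rather than from run_demo(): with the standard library's imaplib you open an IMAP4_SSL connection, login, select the folder, search for UNSEEN messages and fetch each one as RFC822 bytes, then hand them to process_reports(). Matching on a per-target token rather than on the subject line is what lets the inline forward (no original headers) still be credited to the right person, while Carol's message, which carries neither the header nor a landing page link, is returned for human triage instead of being silently dropped.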