KnowBe4 Phishing Campaign is a simulated phishing test that aims to train end-users to become vigilant when checking their emails.
An issue has been reported in which the KnowBe4 Phishing Campaign results incorrectly show a 100% click-rate, even though the customer is certain that not all of their end-users could have clicked on the test email, because some employees were absent when the campaign was run.
To resolve the issue, deliver KnowBe4 campaign emails without scanning the URLs in the test email.
- On the Hosted Email Security (HES) console, go to Inbound Protection > Policy Objects > Keyword Expressions.
- Create a new keyword expression for KnowBe4.
- Set Match to Any Specified.
- Click the Add button.
- Enter the following keyword/phrase:
  - This is a phishing security test from KnowBe4 that has been authorized by the recipient organization.
- Click Save.
- Go to your policies and select Inbound Protection > Policy.
- Choose the domain to which you want to apply the policy, and then click Add.
- Under the Basic Information Setting, set a name for your new policy and tick Enable.
- Under Recipients and Senders, set the following:
  - In the Recipients section, choose My domains and select from the available domains, then click Add.
  - In the Senders section, choose Anyone so that the rule applies to any sender address, since KnowBe4 uses random email addresses to send its phishing campaign emails.
- Under Scanning Criteria, configure the following:
  - Click Advanced.
  - Enable the Specified header matches checkbox.
  - Click the keyword expressions link. A new window opens where you can select the keyword expression you created earlier.
  - Under Specified Header Matches, select Other and type "X-PHISHTEST".
  - Choose the keyword expression you created and click Add.
- Click Save.
- Under the Actions setting, set the intercept action to Deliver now.
- Review the summary of your policy.
- Make this new policy the first rule in your list of policies so that it takes precedence over the other policies. Click the up arrow button to move this rule to the top of your policy list.
With this policy in place, an email that matches the keyword expression does not go through the rest of the policies and is delivered immediately to the end-user. HES does not perform any further checks on attachments, URLs, or other content in that email.
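To confirm before launching a campaign that a saved copy of a test email satisfies the scanning criterion configured above, the header check can be reproduced offline. This is an added example, not Trend Micro or KnowBe4 code; the function names, the sample messages, and the case-insensitive, whitespace-tolerant substring matching are assumptions about how HES evaluates the expression.

```python
from email import message_from_string
from email.policy import default

# Values taken from the policy steps above.
HEADER = "X-PHISHTEST"
KEYWORDS = [
    "This is a phishing security test from KnowBe4 that has been "
    "authorized by the recipient organization.",
]

def _normalize(text):
    """Collapse whitespace runs and ignore case (assumed matching behaviour)."""
    return " ".join(text.split()).casefold()

def matches_bypass_rule(raw_message, header=HEADER, keywords=KEYWORDS):
    """Return True if any instance of `header` contains any keyword.

    Mirrors "Specified header matches" with Match set to "Any Specified".
    The parser unfolds long header values that were wrapped in transit,
    which a line-by-line text search over the raw message would miss.
    """
    msg = message_from_string(raw_message, policy=default)
    wanted = [_normalize(k) for k in keywords]
    for value in msg.get_all(header, []):
        haystack = _normalize(str(value))
        if any(k in haystack for k in wanted):
            return True
    return False

# Constructed sample messages (not captured from a real campaign).
FOLDED_HEADER = (
    "From: it-support@example.test\n"
    "Subject: Password expiry notice\n"
    "X-PHISHTEST: This is a phishing security test from KnowBe4 that has\n"
    " been authorized by the recipient organization.\n"
    "\n"
    "Please review: http://example.test/reset\n"
)
PHRASE_IN_BODY_ONLY = (
    "From: someone@example.test\n"
    "Subject: Hello\n"
    "\n"
    + KEYWORDS[0] + "\n"
)

if __name__ == "__main__":
    print("folded header matches:", matches_bypass_rule(FOLDED_HEADER))
    print("body-only phrase matches:", matches_bypass_rule(PHRASE_IN_BODY_ONLY))
```

A message that carries the phrase only in its body does not match, because the rule is scoped to the X-PHISHTEST header.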