Phishing module setup

You must be an administrator of the mailbox to synchronize your mailbox with the Stoik phishing simulation tool. Read-only access will be requested.

If you are not an administrator, an error message will appear and you will not be able to proceed.

The phishing simulation available from Stoïk Protect trains employees of insured companies using a two-pronged approach:

  • Fake phishing emails are sent weekly, monthly or quarterly to train them to spot fraudulent messages.

  • Modules raising awareness of best practices in phishing are available. All employees who fall for one of our fake phishing emails are automatically redirected to these modules.

This learning-by-doing training has proven its worth: With Stoïk's phishing simulation, 75% of employees who are caught out the first time do not fall for it again.

Synchronize employees

Choose your emails templates

Launch the simulation

More settings

Synchronize employees

Go to Phishing and click on Activate phishing simulation. Next, choose synchronization with Google or Microsoft, or manual import

Import with Google or Microsoft

This method is recommended because it provides access to the anti-spam feature and therefore improves email deliverability rates.

Manual import

Manual import is generally used in the following cases:

  • If you do not have Google or Microsoft for your email account (e.g., OVH)

  • If you are not the email account administrator

Choose your email templates

Go to Phishing and click on Templates.

  • Template Content: Each template contains between 20 and 30 email sub-templates, with different sender addresses to simulate realistic scenarios.

  • Preview and Testing: You can preview each email and send yourself test emails to evaluate the tool's functionality.

  • Types of templates available:

    • Fake web pages: Templates that work with real or fake credentials (FedEx, Google, Microsoft, Zoom). These fake pages are copies of real websites. They do not perform actual authentication but redirect users to our training modules after they enter their credentials.

    • Reverse proxy phishlets: Templates that only work with your employees' real credentials. They work by capturing authentication credentials in real time and forwarding them to the legitimate website. This means users can experience a real login session without realizing their credentials have been intercepted.

Launch the simulation

Go to Phishing and click on Settings.

  • Enable/disable the simulation: You can activate or pause it at any time by selecting the button shown below.

  • Email frequency: Weekly, monthly, or quarterly. For example, if you choose monthly, each employee will receive an email during the month. However, not all employees will receive their email at the same time: The emails will be sent out over the chosen period for discretion.

Once the tool is configured, the phishing emails are sent continuously, without requiring any further action from you.

More settings

  • Deactivate an employee: By selecting one or more collaborators, you will have the option to deactivate them so they are no longer part of the simulation.

  • Change employee language: You can also change the language of the emails. By default, the language used is the one provided by automatic synchronization (Google, Microsoft).

PreviousIntroduction to phishingNextErrors during Phishing module setup

Last updated

Was this helpful?