Phishing module setup
You must be an administrator of the mailbox to synchronize your mailbox with the Stoik phishing simulation tool. If you are not an administrator, an error message will appear and you will not be able to proceed.
The phishing simulation available from Stoïk Protect trains employees of insured companies using a two-pronged approach:
Fake phishing emails are sent frequently to train them to spot fraudulent messages.
Modules raising awareness of best practices in phishing are available. All employees who fall for one of our fake phishing emails are automatically redirected to these modules.
This learning-by-doing training has proven its worth: with Stoïk's phishing simulation, 75% of employees who are caught out the first time do not fall for it again.
1. Synchronize employees
Go to Phishing in Stoïk Protect.
Click Activate phishing simulation.
Choose how you want to synchronize employees:
Google Workspace
Microsoft 365
Sign in with an account that has mailbox administrator rights.
Employee synchronization is required to run phishing simulations.
2. Activate email sending via API
To ensure phishing emails are delivered to employee inboxes and not flagged as spam, Stoïk Protect sends emails through your email provider using secure APIs:
Gmail API for Google Workspace
Microsoft API for Microsoft 365
Phishing simulations intentionally mimic real-world attacks. Without API authorization, some emails may be blocked by spam filters. This configuration ensures reliable delivery of phishing emails.
Microsoft 365 setup
The Security Administrator role is mandatory to proceed.
For Microsoft 365, the setup is straightforward.
When prompted in Stoïk Protect, sign in with a Microsoft 365 admin account.
Review the requested permissions.
Click Accept.
Once permissions are granted, the API setup is complete.
Microsoft 365 permissions
You are redirected to a Microsoft page requesting read and write access to your employees' Outlook mailboxes. These permissions allow Stoïk to configure phishing campaigns later on with templates that are actually relevant to your organization. Here are the details of the requested permissions:
Read all audit log data
Enables you to read all of the organisation's audit logs for investigation and monitoring purposes.
Read audit logs data from all services
Allows the application to read audit logs from all Microsoft 365 services for threat detection and compliance.
Read and write mail in all mailboxes
Provides full read/write access to all messages in mailboxes (used for analysis, remediation, or actions on malicious emails).
Read and write all user mailbox settings
Allows you to modify mailbox settings (rules, signatures, forwarding, etc.) for all users.
Read your organization’s conditional access policies
Allows the application to read the conditional access policy configuration for auditing or security posture analysis.
Read all usage reports
Provides access to usage and activity reports across the organisation (Microsoft 365 analytics).
Read metadata and detection details for all emails in your organization
Allows access to email metadata (headers, detections, threat indicators) without accessing the content of the messages.
Read all users’ full profiles
Provides full read access to user profiles (name, position, attributes, etc.).
Read and write all users’ authentication methods
Allows you to modify user authentication methods (MFA, telephone, email, etc.).
Sign in and read user profiles
Allows the application to log in as a user and access basic profile data.
Read and write all password profiles and reset user passwords
Allows you to reset or update passwords for all users, necessary for incident remediation.
Revoke all sign in sessions for a user
Allows you to immediately revoke all active sessions for a user, used for immediate containment.
Read activity data for your organization
Enables Stoïk to read events from the Microsoft 365 activity feed to detect suspicious actions or anomalies related to user activity.
Read all applications
Allows the application to read all applications and core service objects in the tenant, used to analyse the configuration and identify anomalies.
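After clicking Accept, the permissions actually granted can be reviewed in Entra ID (Enterprise applications > the Stoïk application > Permissions) or pulled from Microsoft Graph as the service principal's appRoleAssignments, which carry only role GUIDs. The script below is an example added to this page, not Stoïk's or Microsoft's code: it resolves those GUIDs to permission names, compares the result with the consent screen listed above, and singles out the permissions that can change mail, credentials or sessions. The mapping from the consent-screen wording to Entra permission names is an assumption and should be confirmed against the Permissions blade; the GUIDs and assignment list in the sample are constructed.

```python
"""Review the permissions granted to a third-party integration against the
consent screen documented above (added example, not Stoïk's code)."""

# Consent-screen label -> permission value. ASSUMED mapping: confirm it in
# Entra ID > Enterprise applications > Permissions before relying on it.
EXPECTED_PERMISSIONS = {
    "Read all audit log data": "AuditLog.Read.All",
    "Read audit logs data from all services": "AuditLogsQuery.Read.All",
    "Read and write mail in all mailboxes": "Mail.ReadWrite",
    "Read and write all user mailbox settings": "MailboxSettings.ReadWrite",
    "Read your organization's conditional access policies": "Policy.Read.ConditionalAccess",
    "Read all usage reports": "Reports.Read.All",
    "Read metadata and detection details for all emails in your organization":
        "SecurityAnalyzedMessage.Read.All",
    "Read all users' full profiles": "User.Read.All",
    "Read and write all users' authentication methods": "UserAuthenticationMethod.ReadWrite.All",
    "Sign in and read user profiles": "User.Read",  # delegated permission, not an app role
    "Read and write all password profiles and reset user passwords":
        "User-PasswordProfile.ReadWrite.All",
    "Revoke all sign in sessions for a user": "User.RevokeSessions.All",
    "Read activity data for your organization": "ActivityFeed.Read",  # Office 365 Management APIs resource
    "Read all applications": "Application.Read.All",
}

# Permissions that change mail content, credentials or sessions: these
# deserve an explicit sign-off and an alert when they are exercised.
HIGH_IMPACT = {
    "Mail.ReadWrite",
    "MailboxSettings.ReadWrite",
    "UserAuthenticationMethod.ReadWrite.All",
    "User-PasswordProfile.ReadWrite.All",
    "User.RevokeSessions.All",
}


def resolve_app_roles(assignments, resource_app_roles):
    """Map appRoleAssignments (appRoleId GUIDs) to permission values using
    the resource service principal's appRoles list (id -> value)."""
    by_id = {role["id"]: role["value"] for role in resource_app_roles}
    return [by_id.get(a["appRoleId"], "unknown:" + a["appRoleId"]) for a in assignments]


def review_consent(granted):
    """Compare granted permission values with the documented consent screen."""
    granted_set = set(granted)
    expected = set(EXPECTED_PERMISSIONS.values())
    return {
        "unexpected": sorted(granted_set - expected),   # granted but not on the consent screen
        "missing": sorted(expected - granted_set),      # on the consent screen but not granted
        "high_impact": sorted(granted_set & HIGH_IMPACT),
    }


# Constructed sample data: GUIDs are invented for this example, and the
# assignment list deliberately lacks Reports.Read.All and carries one extra
# role so that both kinds of drift show up.
_GRAPH_APP_ROLE_VALUES = [v for v in EXPECTED_PERMISSIONS.values()
                          if v not in ("User.Read", "ActivityFeed.Read")]
SAMPLE_APP_ROLES = [
    {"id": "00000000-0000-0000-0000-%012d" % i, "value": v}
    for i, v in enumerate(_GRAPH_APP_ROLE_VALUES + ["Directory.ReadWrite.All"], start=1)
]
SAMPLE_ASSIGNMENTS = [
    {"appRoleId": role["id"]} for role in SAMPLE_APP_ROLES
    if role["value"] != "Reports.Read.All"
]


def sample_review():
    granted = resolve_app_roles(SAMPLE_ASSIGNMENTS, SAMPLE_APP_ROLES)
    # Delegated and other-resource grants are reviewed from their own blades;
    # here they are appended as if already collected.
    granted += ["User.Read", "ActivityFeed.Read"]
    return review_consent(granted)


if __name__ == "__main__":
    for key, values in sample_review().items():
        print(key, values)
```

Anything in "unexpected" means the tenant has granted more than the consent screen describes and warrants a question to the vendor; "high_impact" is the short list to cover with sign-in and audit-log alerting.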
Google Workspace setup
Google Workspace requires a short configuration in the Google Admin Console.
Sign in to the Google Admin Console with a Google Workspace administrator account.
Go to Domain-wide Delegation (Security > Access and data control > API controls > Domain-wide delegation).
Click Add new.
In the Add a new client ID window, enter:
Client ID: 115890102773233849646
OAuth scopes: https://www.googleapis.com/auth/gmail.insert, https://www.googleapis.com/auth/gmail.metadata
Click Authorize.
Return to Stoïk Protect and click Confirm.
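Domain-wide delegation grants the client access to every user's mailbox for the listed scopes, so the entry is worth re-checking periodically for scope drift (a broader Gmail scope added by mistake) and for unfamiliar client IDs. The following Python script is an example added to this page, not Stoïk's or Google's code: it parses the comma-separated scope field as typed into the console, compares it with the client ID and the two scopes given above, and flags any broader Gmail scope. The list of broader scopes and the sample delegation entries are assumptions constructed for the example.

```python
"""Check Google Workspace domain-wide delegation entries against the client
ID and scopes documented above (added example, not Stoïk's code)."""

EXPECTED_CLIENT_ID = "115890102773233849646"  # client ID from the setup steps above
EXPECTED_SCOPES = {
    "https://www.googleapis.com/auth/gmail.insert",
    "https://www.googleapis.com/auth/gmail.metadata",
}
# Gmail scopes that grant more than insert/metadata on the same mailboxes
# (assumed list for this example; extend it to match your own policy).
BROADER_GMAIL_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.compose",
    "https://www.googleapis.com/auth/gmail.send",
}


def parse_scopes(scope_field):
    """Split the scope field as entered in the console; tolerate stray
    whitespace, line breaks and trailing commas."""
    return {s.strip() for s in scope_field.replace("\n", ",").split(",") if s.strip()}


def check_delegation(client_id, scope_field):
    """Compare one delegation entry with the documented configuration."""
    scopes = parse_scopes(scope_field)
    return {
        "client_id_ok": client_id == EXPECTED_CLIENT_ID,
        "extra_scopes": sorted(scopes - EXPECTED_SCOPES),
        "missing_scopes": sorted(EXPECTED_SCOPES - scopes),
        "broader_gmail_scopes": sorted(scopes & BROADER_GMAIL_SCOPES),
    }


def audit_delegations(entries):
    """Review every entry from the Domain-wide Delegation page. Entries for
    other client IDs are reported as 'unrecognised' so they get a second look;
    the expected client is reported only when its scopes deviate."""
    findings = []
    for entry in entries:
        result = check_delegation(entry["client_id"], entry["scopes"])
        if not result["client_id_ok"]:
            findings.append(("unrecognised client", entry["client_id"]))
        elif result["extra_scopes"] or result["missing_scopes"]:
            findings.append(("scope drift", entry["client_id"]))
        if result["broader_gmail_scopes"]:
            findings.append(("broad gmail scope", entry["client_id"]))
    return findings


# Constructed sample: the documented entry, a drifted copy of it, and an
# unrelated client ID (both the drift and the second ID are invented).
SAMPLE_ENTRIES = [
    {"client_id": EXPECTED_CLIENT_ID,
     "scopes": "https://www.googleapis.com/auth/gmail.insert, "
               "https://www.googleapis.com/auth/gmail.metadata"},
    {"client_id": EXPECTED_CLIENT_ID,
     "scopes": " https://mail.google.com/ ,https://www.googleapis.com/auth/gmail.insert,"},
    {"client_id": "000000000000000000000",
     "scopes": "https://www.googleapis.com/auth/admin.directory.user.readonly"},
]


if __name__ == "__main__":
    for finding in audit_delegations(SAMPLE_ENTRIES):
        print(*finding)
```

The expected entry produces no finding; the drifted copy is reported twice (scope drift and a broad Gmail scope), and the unrelated client ID once, which is the shape of report an administrator can act on.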
Your phishing module is now configured and ready to use.
If you encounter any issues during setup, please refer to Errors during Phishing module setup for detailed troubleshooting guidance.
3. Automatic continuous phishing campaign
As part of the onboarding process, Stoïk Protect automatically launches a continuous phishing campaign to ensure ongoing employee awareness training from day one.
How the automatic campaign works
Once onboarding is completed, a campaign named “Continuous campaign” is created automatically with the following configuration:
Start date: tomorrow
Email distribution: spread over 14 days
Recurrence: continuous (the campaign repeats automatically)
Audience: all active employees
Content: all available templates and scenarios
The campaign is identified by a specific icon with the tooltip Automatic campaign.
This ensures that employees receive phishing simulations on a regular basis without requiring any manual setup.
Rules and limitations
To guarantee continuous training, some settings of this campaign are fixed:
The campaign cannot be deleted (it can be paused if needed)
The recurrence is locked to continuous repetition
The campaign must always include:
At least one employee
At least one phishing scenario