{"id":30188,"date":"2024-08-13T14:24:35","date_gmt":"2024-08-13T12:24:35","guid":{"rendered":"https:\/\/smartfense.com\/sin-categorizar\/buenas-practicas-simulacion-phishing\/"},"modified":"2024-09-27T13:57:28","modified_gmt":"2024-09-27T11:57:28","slug":"best-practices-in-creating-phishing-simulation-campaigns","status":"publish","type":"post","link":"https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/","title":{"rendered":"Best practices in creating phishing simulation campaigns"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">In this post, I compile some of the recommendations that, in my personal opinion, I find most important when simulating Phishing.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In this post, I assume that <\/span><a href=\"https:\/\/smartfense.com\/blog\/como-obtener-el-apoyo-de-la-alta-direccion-los-casos-de-negocio\/\"><span style=\"font-weight: 400;\">the executives of the organization already understand the importance of this practice<\/span><\/a><span style=\"font-weight: 400;\"> and have demonstrated their commitment to managing social engineering.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Without further ado, let&#8217;s go with the best practices in creating Phishing simulation campaigns.<\/span><\/p>\n<h2><b>Do Your Homework First<\/b><\/h2>\n<h3><b>Quick Tip<\/b><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Be clear about why you are simulating<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Carry out an orderly Whitelist process<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Launch test campaigns<\/span><\/li>\n<\/ul>\n<h3><b>Detailed Tip<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">The fundamental objective of a Phishing simulation is <\/span><a href=\"https:\/\/smartfense.com\/en\/blog\/do-you-really-know-what-a-phishing-simulation-is-are-you-sure\/\"><span style=\"font-weight: 400;\">to measure user behavior to understand the organization&#8217;s risk level<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Therefore, this is likely one of the objectives of your simulations. From here, many others can derive. Generally, they will focus on managing social engineering risk and developing safe habits.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">But focusing on the basics, if we want to know how our users would behave in the face of a real attack, we must ensure that the user universe we want to evaluate receives the Phishing email.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">That&#8217;s what a <\/span><b>Whitelist process<\/b><span style=\"font-weight: 400;\"> is for. Basically, you need to configure the various security tools of our organization to let simulation emails through, <\/span><a href=\"https:\/\/smartfense.com\/en\/blog\/false-positives-in-simulations-origin-and-solutions\/\"><span style=\"font-weight: 400;\">ideally without even touching them<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Once the configurations are made, we must launch<\/span><b> test campaigns.<\/b><span style=\"font-weight: 400;\"> This type of campaign will allow us to know if our Whitelist process is working correctly and if we have considered all the corporate tools we have implemented.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This last point may seem a bit strange, but many organizations are surprised at this stage. When they launch the test, they find that there are more tools analyzing the emails than they had documented. For this reason, the Whitelist process is often more difficult than expected, but it leads organizations to improve their knowledge and documentation of the security tools they possess.<\/span><\/p>\n<p><b>Recommended Reading: <\/b><a href=\"https:\/\/smartfense.com\/blog\/deja-ya-de-hacer-simulaciones-de-phishing-en-serio\/\"><span style=\"font-weight: 400;\">Stop Doing Phishing Simulations! Seriously?<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h2><b>Don\u2019t Try to Catch All Users<\/b><\/h2>\n<h3><b>Quick Tip<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Make your simulations resemble real cases. Don\u2019t force simulation scenarios to catch as many users as possible. That will only give you unrealistic metrics.<\/span><\/p>\n<h3><b>Detailed Tip<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">We are talking about simulating Phishing. Simulating means representing something, making it seem real, so our Phishing simulations must behave like real Phishing.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">So, let&#8217;s start from the beginning.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A simulation replicates the behavior of a real cyberattack in the following aspects:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Campaign Duration<\/b><span style=\"font-weight: 400;\">, usually a couple of hours<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Medium<\/b><span style=\"font-weight: 400;\"> used to deliver the attack, generally via email<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Presence of social engineering techniques<\/b><span style=\"font-weight: 400;\"> in the headers and body of the message<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use of <\/span><b>links<\/b><span style=\"font-weight: 400;\"> or <\/span><b>attachments<\/b><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Use of <\/span><b>fake websites<\/b><span style=\"font-weight: 400;\"> that replicate real ones<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Measuring user actions<\/b><span style=\"font-weight: 400;\">, that is, if they open the email, if they click on a link, etc.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">But there is an important difference: a simulation does not capture sensitive information and is harmless to the end user or the organization.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Generally, real Phishing attacks end when the cybercriminal captures, for example, the user&#8217;s credentials. In contrast, a simulation can show an <\/span><a href=\"https:\/\/smartfense.com\/en\/blog\/the-best-time-for-our-users-to-learn\/\"><span style=\"font-weight: 400;\">educational message<\/span><\/a><span style=\"font-weight: 400;\"> after the user takes a risky action, such as submitting private information in a form.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, <\/span><b>many security leaders expect something different:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">That the simulation campaigns last for weeks<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">That they are correctly received in everyone&#8217;s inbox<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">That the selected scenario piques everyone&#8217;s interest<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">That all possible users fall for it<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">For this, they spend weeks preparing the perfect Phishing scenario, abusing the internal information they have about the organization and users. At SMARTFENSE, we call this practice the golden Phishing simulation.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Of course, it is not recommended at all, as we will be skewing the results of the campaigns and obtaining results that will not be coherent with reality.<\/span><\/p>\n<p><b>Recommended Reading: <\/b><a href=\"https:\/\/smartfense.com\/blog\/la-simulacion-de-phishing-de-oro-o-como-interpretamos-de-manera-incorrecta-los-resultados-de-nuestras-pruebas\/\"><span style=\"font-weight: 400;\">The Golden Phishing Simulation, or How We Incorrectly Interpret the Results of Our Tests<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h2><b>Send Many Simulations<\/b><\/h2>\n<h3><b>Quick Tip<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Send a set of simulations per month and then group them to see the summarized results.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Each campaign of the month should vary in terms of theme, day, time, target user group, type of deception, degree of personalization, etc.<\/span><\/p>\n<h3><b>Detailed Tip<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">The truth is that sending a few simulations per year won\u2019t help much.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This is because each simulation we send <\/span><b>is biased by numerous factors<\/b><span style=\"font-weight: 400;\">, including:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The level of interest the user has in the email subject,\n<p> for example, invitations to events, notices, etc.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The delivery time, for example, holidays, vacations, etc.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The moment the user receives it, for example, early in the morning or late in the day.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">So, if we don\u2019t have a constant rhythm of simulation campaigns, the information we obtain will not be reliable.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">That&#8217;s why we recommend sending a set of campaigns per month, ideally at least three, and from there, we can start measuring trends.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We can also aggregate these campaigns according to groups or different characteristics of our organization, such as department, position, seniority, etc. This will allow us to get a clearer picture of the real situation of our users.<\/span><\/p>\n<p><b>Recommended Reading: <\/b><a href=\"https:\/\/smartfense.com\/blog\/como-interpretar-tus-resultados-de-simulaciones-de-phishing\/\"><span style=\"font-weight: 400;\">How to Interpret Your Phishing Simulation Results<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h2><b>Educate Users<\/b><\/h2>\n<h3><b>Quick Tip<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Always accompany the simulations with educational material that explains the risks and teaches how to act.<\/span><\/p>\n<h3><b>Detailed Tip<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Phishing simulations are not only intended to measure user behavior, but also to educate.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The moment we create a campaign, we should also be preparing educational content. This is where we can add the educational message discussed earlier.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Users should not only know what they did wrong, but also understand the risks and learn how to respond to Phishing emails.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is essential that, at the end of each simulation, users receive relevant material that helps them learn more about how to protect themselves.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Educating users is a fundamental aspect of risk management, and thus we should dedicate time and resources to develop educational material and training.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Users will remember that they learned and will start to adopt safer habits in their daily work.<\/span><\/p>\n<p><b>Recommended Reading: <\/b><a href=\"https:\/\/smartfense.com\/en\/blog\/awareness-training-how-do-we-do-it\/\"><span style=\"font-weight: 400;\">Awareness Training: How Do We Do It?<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h2><b>Measure, Measure, Measure!<\/b><\/h2>\n<h3><b>Quick Tip<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Establish KPIs and measure every campaign.<\/span><\/p>\n<h3><b>Detailed Tip<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">To properly evaluate the results of our simulation campaigns, we need to set clear KPIs and metrics that allow us to measure everything in detail.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This way, we will be able to know exactly what worked and what didn\u2019t. Furthermore, it will allow us to adjust our future campaigns accordingly.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In conclusion, keep in mind that the more we measure, the better our understanding will be about how our users react.<\/span><\/p>\n<p><b>Recommended Reading: <\/b><a href=\"https:\/\/smartfense.com\/blog\/8-pasos-para-mejorar-tu-programa-de-concienciacion\/\"><span style=\"font-weight: 400;\">8 Steps to Improve Your Awareness Program<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h2><b>Keep Improving!<\/b><\/h2>\n<h3><b>Quick Tip<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Adjust and improve your campaigns based on the results obtained.<\/span><\/p>\n<h3><b>Detailed Tip<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Finally, it is essential that you not only evaluate your campaigns, but also continuously improve them.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Based on the results, you will need to fine-tune and adjust your campaigns, improve the Whitelist process, include different social engineering techniques, and educate your users with more engaging content.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As in all security measures, the improvement cycle must be continuous.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Always keep in mind that the Phishing landscape is always evolving, so you must adapt your training accordingly.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The commitment to improving your Phishing simulation campaigns will be fundamental to obtaining solid and reliable results.<\/span><\/p>\n<p><b>Recommended Reading: <\/b><a href=\"https:\/\/smartfense.com\/blog\/4-pasos-para-mejorar-tu-programa-de-simulacion-de-phishing\/\"><span style=\"font-weight: 400;\">4 Steps to Improve Your Phishing Simulation Program<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this post, I compile some of the recommendations that, in my personal opinion, I find most important when simulating Phishing. In this post, I assume that the executives of [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":26950,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[686],"tags":[586,510,849,730,1041],"class_list":["post-30188","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-advice","tag-best-practices","tag-phishing-en","tag-phishing-simulation-campaign","tag-simulation-en"],"acf":[],"yoast_head":" \n<title>Buenas pr\u00e1cticas en la creaci\u00f3n de campa\u00f1as de Phishing<\/title>\n<meta name=\"description\" content=\"En este post podr\u00e1s conocer pr\u00e1cticas recomendadas a la hora de gestionar tus campa\u00f1as de simulaci\u00f3n de Phishing.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Buenas pr\u00e1cticas en la creaci\u00f3n de campa\u00f1as de Phishing\" \/>\n<meta property=\"og:description\" content=\"En este post podr\u00e1s conocer pr\u00e1cticas recomendadas a la hora de gestionar tus campa\u00f1as de simulaci\u00f3n de Phishing.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/\" \/>\n<meta property=\"og:site_name\" content=\"SMARTFENSE - Awareness in Cyber Security\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-13T12:24:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-27T11:57:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/smartfense.com\/file\/2024\/08\/post-buenas-practicas-phishing.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"768\" \/>\n\t<meta property=\"og:image:height\" content=\"403\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Nicol\u00e1s Bruna\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nicol\u00e1s Bruna\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/best-practices-in-creating-phishing-simulation-campaigns\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/best-practices-in-creating-phishing-simulation-campaigns\\\/\"},\"author\":{\"name\":\"Nicol\u00e1s Bruna\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#\\\/schema\\\/person\\\/5494c12e79213c554fa449135589c24c\"},\"headline\":\"Best practices in creating phishing simulation campaigns\",\"datePublished\":\"2024-08-13T12:24:35+00:00\",\"dateModified\":\"2024-09-27T11:57:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/best-practices-in-creating-phishing-simulation-campaigns\\\/\"},\"wordCount\":1208,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/best-practices-in-creating-phishing-simulation-campaigns\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/post-buenas-practicas-phishing.jpg\",\"keywords\":[\"advice\",\"best practices\",\"phishing\",\"phishing simulation campaign\",\"simulation\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/best-practices-in-creating-phishing-simulation-campaigns\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/best-practices-in-creating-phishing-simulation-campaigns\\\/\",\"url\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/best-practices-in-creating-phishing-simulation-campaigns\\\/\",\"name\":\"Buenas pr\u00e1cticas en la creaci\u00f3n de campa\u00f1as de Phishing\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/best-practices-in-creating-phishing-simulation-campaigns\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/best-practices-in-creating-phishing-simulation-campaigns\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/post-buenas-practicas-phishing.jpg\",\"datePublished\":\"2024-08-13T12:24:35+00:00\",\"dateModified\":\"2024-09-27T11:57:28+00:00\",\"description\":\"En este post podr\u00e1s conocer pr\u00e1cticas recomendadas a la hora de gestionar tus campa\u00f1as de simulaci\u00f3n de Phishing.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/best-practices-in-creating-phishing-simulation-campaigns\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/best-practices-in-creating-phishing-simulation-campaigns\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/best-practices-in-creating-phishing-simulation-campaigns\\\/#primaryimage\",\"url\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/post-buenas-practicas-phishing.jpg\",\"contentUrl\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/post-buenas-practicas-phishing.jpg\",\"width\":768,\"height\":403,\"caption\":\"Foto de un ave pescando\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/blog\\\/best-practices-in-creating-phishing-simulation-campaigns\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\\\/\\\/smartfense.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Best practices in creating phishing simulation campaigns\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/smartfense.com\\\/en\\\/\",\"name\":\"SMARTFENSE - Concienciaci\u00f3n en Ciberseguridad\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/smartfense.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#organization\",\"name\":\"SMARTFENSE\",\"url\":\"https:\\\/\\\/smartfense.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-smartfense-240x40-1.png\",\"contentUrl\":\"https:\\\/\\\/smartfense.com\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-smartfense-240x40-1.png\",\"width\":241,\"height\":40,\"caption\":\"SMARTFENSE\"},\"image\":{\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/smartfense.com\\\/en\\\/#\\\/schema\\\/person\\\/5494c12e79213c554fa449135589c24c\",\"name\":\"Nicol\u00e1s Bruna\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b03096bf4c3dd886cfcffd7415eadf6f80d2c8126188409e7d4d1d1b6b911fcb?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b03096bf4c3dd886cfcffd7415eadf6f80d2c8126188409e7d4d1d1b6b911fcb?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b03096bf4c3dd886cfcffd7415eadf6f80d2c8126188409e7d4d1d1b6b911fcb?s=96&d=mm&r=g\",\"caption\":\"Nicol\u00e1s Bruna\"},\"description\":\"Product Manager de SMARTFENSE. Su misi\u00f3n en la empresa es mejorar la plataforma d\u00eda a d\u00eda y evangelizar sobre la importancia de la concientizaci\u00f3n. Ha escrito dos whitepapers y m\u00e1s de 150 art\u00edculos sobre gesti\u00f3n del riesgo de la ingenier\u00eda social, creaci\u00f3n de culturas seguras y cumplimiento de normativas. Tambi\u00e9n es uno de los autores de la Gu\u00eda de Ransomware de OWASP y el Calculador de costos de Ransomware, entre otros recursos gratuitos.\",\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/in\\\/nicolasbruna\\\/\"],\"url\":\"https:\\\/\\\/smartfense.com\\\/en\\\/author\\\/nicolas\\\/\"}]}<\/script>\n ","yoast_head_json":{"title":"Buenas pr\u00e1cticas en la creaci\u00f3n de campa\u00f1as de Phishing","description":"En este post podr\u00e1s conocer pr\u00e1cticas recomendadas a la hora de gestionar tus campa\u00f1as de simulaci\u00f3n de Phishing.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/","og_locale":"en_US","og_type":"article","og_title":"Buenas pr\u00e1cticas en la creaci\u00f3n de campa\u00f1as de Phishing","og_description":"En este post podr\u00e1s conocer pr\u00e1cticas recomendadas a la hora de gestionar tus campa\u00f1as de simulaci\u00f3n de Phishing.","og_url":"https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/","og_site_name":"SMARTFENSE - Awareness in Cyber Security","article_published_time":"2024-08-13T12:24:35+00:00","article_modified_time":"2024-09-27T11:57:28+00:00","og_image":[{"width":768,"height":403,"url":"https:\/\/smartfense.com\/file\/2024\/08\/post-buenas-practicas-phishing.jpg","type":"image\/jpeg"}],"author":"Nicol\u00e1s Bruna","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Nicol\u00e1s Bruna","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/#article","isPartOf":{"@id":"https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/"},"author":{"name":"Nicol\u00e1s Bruna","@id":"https:\/\/smartfense.com\/en\/#\/schema\/person\/5494c12e79213c554fa449135589c24c"},"headline":"Best practices in creating phishing simulation campaigns","datePublished":"2024-08-13T12:24:35+00:00","dateModified":"2024-09-27T11:57:28+00:00","mainEntityOfPage":{"@id":"https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/"},"wordCount":1208,"commentCount":0,"publisher":{"@id":"https:\/\/smartfense.com\/en\/#organization"},"image":{"@id":"https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/#primaryimage"},"thumbnailUrl":"https:\/\/smartfense.com\/file\/2024\/08\/post-buenas-practicas-phishing.jpg","keywords":["advice","best practices","phishing","phishing simulation campaign","simulation"],"articleSection":["Blog"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/","url":"https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/","name":"Buenas pr\u00e1cticas en la creaci\u00f3n de campa\u00f1as de Phishing","isPartOf":{"@id":"https:\/\/smartfense.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/#primaryimage"},"image":{"@id":"https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/#primaryimage"},"thumbnailUrl":"https:\/\/smartfense.com\/file\/2024\/08\/post-buenas-practicas-phishing.jpg","datePublished":"2024-08-13T12:24:35+00:00","dateModified":"2024-09-27T11:57:28+00:00","description":"En este post podr\u00e1s conocer pr\u00e1cticas recomendadas a la hora de gestionar tus campa\u00f1as de simulaci\u00f3n de Phishing.","breadcrumb":{"@id":"https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/#primaryimage","url":"https:\/\/smartfense.com\/file\/2024\/08\/post-buenas-practicas-phishing.jpg","contentUrl":"https:\/\/smartfense.com\/file\/2024\/08\/post-buenas-practicas-phishing.jpg","width":768,"height":403,"caption":"Foto de un ave pescando"},{"@type":"BreadcrumbList","@id":"https:\/\/smartfense.com\/en\/blog\/best-practices-in-creating-phishing-simulation-campaigns\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/smartfense.com\/en\/"},{"@type":"ListItem","position":2,"name":"Best practices in creating phishing simulation campaigns"}]},{"@type":"WebSite","@id":"https:\/\/smartfense.com\/en\/#website","url":"https:\/\/smartfense.com\/en\/","name":"SMARTFENSE - Concienciaci\u00f3n en Ciberseguridad","description":"","publisher":{"@id":"https:\/\/smartfense.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/smartfense.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/smartfense.com\/en\/#organization","name":"SMARTFENSE","url":"https:\/\/smartfense.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/smartfense.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/smartfense.com\/file\/2023\/08\/logo-smartfense-240x40-1.png","contentUrl":"https:\/\/smartfense.com\/file\/2023\/08\/logo-smartfense-240x40-1.png","width":241,"height":40,"caption":"SMARTFENSE"},"image":{"@id":"https:\/\/smartfense.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/smartfense.com\/en\/#\/schema\/person\/5494c12e79213c554fa449135589c24c","name":"Nicol\u00e1s Bruna","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b03096bf4c3dd886cfcffd7415eadf6f80d2c8126188409e7d4d1d1b6b911fcb?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b03096bf4c3dd886cfcffd7415eadf6f80d2c8126188409e7d4d1d1b6b911fcb?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b03096bf4c3dd886cfcffd7415eadf6f80d2c8126188409e7d4d1d1b6b911fcb?s=96&d=mm&r=g","caption":"Nicol\u00e1s Bruna"},"description":"Product Manager de SMARTFENSE. Su misi\u00f3n en la empresa es mejorar la plataforma d\u00eda a d\u00eda y evangelizar sobre la importancia de la concientizaci\u00f3n. Ha escrito dos whitepapers y m\u00e1s de 150 art\u00edculos sobre gesti\u00f3n del riesgo de la ingenier\u00eda social, creaci\u00f3n de culturas seguras y cumplimiento de normativas. Tambi\u00e9n es uno de los autores de la Gu\u00eda de Ransomware de OWASP y el Calculador de costos de Ransomware, entre otros recursos gratuitos.","sameAs":["https:\/\/www.linkedin.com\/in\/nicolasbruna\/"],"url":"https:\/\/smartfense.com\/en\/author\/nicolas\/"}]}},"_links":{"self":[{"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/posts\/30188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/comments?post=30188"}],"version-history":[{"count":2,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/posts\/30188\/revisions"}],"predecessor-version":[{"id":30190,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/posts\/30188\/revisions\/30190"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/media\/26950"}],"wp:attachment":[{"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/media?parent=30188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/categories?post=30188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/smartfense.com\/en\/wp-json\/wp\/v2\/tags?post=30188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}