It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Understanding Benchmark Campaigns

  • Last updated on

Benchmarking is the only true way to see how your company stacks up when it comes to security awareness. To help you in this effort, Security Awareness Training includes a growing catalog of pre-packaged benchmarking campaigns.

All benchmarking campaigns consist of a simulated phishing email and landing page that targets employees in your address book. Benchmarking campaigns are categorized under the Benchmark Content Group Category. Once the campaign concludes, reporting allows you to see how many of your users engaged with the email and to what extent. You also receive insights into how your employees compare with others within and outside of your industry.

This article describes the available benchmark campaigns.

  • For instructions on setting up and running a benchmark campaign, refer to Creating and Running a Benchmark Campaign.
  • To view the results of a benchmark campaign, refer to Benchmark Results. You can also see a PDF summarizing the results following each campaign description below (starting in 2023).

Available Benchmark Campaigns

202310 – EvilProxy Phishing Email

Use this campaign to send your users email that closely mimics a real-world threat currently targeting Microsoft 365 users - the EvilProxy phishing framework. This campaign tests against lookalike emails intending to harvest login credentials. Then you can see how your users compared with those in other industries or within your own vertical.

docusign-phish.png

 

docusign.png

Campaign Summary Results

October 2023 Benchmarking Campaign Wrap Up – See the results in total and broken down by industry. There are also instructions to send follow up campaigns reinforcing both positive and negative actions taken by your employees.


 

202304 – Someone Searched You Phishing Email

Send your users a false warning that their personal information has been searched online. This campaign will help you determine who in your organization would click on an authentic looking phishing email. Then you can see how your users compare with users in other industries or within your own vertical.

flagged-phishing.png

Campaign Summary Results

April 2023 Benchmarking Campaign Wrap Up – See the results in total and broken down by industry. There are also instructions to send follow up campaigns reinforcing both positive and negative actions taken by your employees. 


 

202210 – Profit Sharing Email with Login Page

Use this campaign to send your users a false company profit sharing email linking to a fake login page. This campaign tests your users against lookalike emails that intend to harvest login credentials. Then you can see how your users compared with users in other industries or within your own vertical.

keysaver.png


 

202204 – OneDrive Backup Failure with Login Page

Use this campaign to send your users a false Microsoft OneDrive backup failure notice linking to a fake login page. This campaign tests your users against lookalike emails that intend to harvest login credentials. Then you can see how your users compared with users in other industries or within your own vertical.

Benchmarking Email 042022.png


 

202110 – Mask Mandate with Information Links

Use this campaign to send your users a fake Mandatory Mask Mandate email, informing them about new mask updates, and providing them with an opportunity to learn more about mask mandates by region and about the mission statement of the email sender. This campaign tests whether users will click links sent by unknown, but seemingly official senders. Then you can see how your users compared with users in other industries or within your own vertical.

benchmarkMaskMandate.png


 

202104 – Taco Bell Rewards with Unsubscribe Link

Use this campaign to send your users a fake Taco Bell Rewards email informing them they have been automatically enrolled for daily emails and texts, providing them with an opportunity to unsubscribe. This campaign tests the theory that users are more likely to click unsubscribe links because they consider them safe. Then you can see how your users compared with users in other industries or within your own vertical.

email sample.png


 

202010 – Microsoft 365 Account Termination Notice with Login Page

Use this campaign to send your users a false Microsoft 365 account termination notice that leads to a false login page. This campaign tests your users against lookalike emails with credential harvesting. Then you can see how your users compared with users in other industries or within your own vertical.

O365..png


 

202005 – Amazon Fraud Notice with Login Page

Use this campaign to send your users a false notice from Amazon that leads to a false login page. This campaign tests your users against lookalike emails with credential harvesting. Then you can see how your users compared with users in other industries or within your own vertical.

Benchmark_2020_04_Amazon.png


 

201910 – FedEx Cancelled Delivery with Login Page

Use this campaign to send your users a false FedEx delivery message that leads to a false login page. This campaign tests your users against lookalike emails with credential harvesting. Then you can see how your users compared with users in other industries or within your own vertical.

FedEx.png


 

201904 – Quarantine Message with Login Page

Use this campaign to send your users a false Microsoft quarantine message that leads to a false login page. This campaign tests your users against lookalike emails with credential harvesting. Then you can see how your users compared with users in other industries or within your own vertical.

benchmarkExample.png


 

201810 – Google Docs with Login Page

Use this campaign to send your users an email from Gloogle, a lookalike company, inviting them to access a shared document management folder. This leads to a false login page. This campaign tests your users against lookalike emails with credential harvesting. Then you can see how your users compared with users in other industries or within your own vertical.

gloogle.png


 

201804 – Delivery – Blind Test

Use this campaign to send your users a false email about a delayed shipment. In a blind test, the user is not told that they just clicked on a bad link. Then you can see how your users compared with users in other industries or within your own vertical.

deliveryWaiting.png