BullPhish ID Updates
New Training Videos Expand BullPhish ID Training Library to 100+ Courses; Refreshed Phishing Kits Released
The BullPhish ID team is excited to announce the release of eight new video training courses, bringing the total number of videos available to our customers to more than 100.
The new courses will educate your users on important cybersecurity topics, like widespread attack types and security best practices, to help them protect themselves and their organizations from cybercrime. The videos include:
- Business Email Compromise: Learn what a business email compromise attack is and examine the common tactics used in these attacks.
- Choosing Strong MFA Second Factors: Understand the second-factor techniques and the types of accounts you should enable MFA for.
- Common Attack Methods: Explore the common phishing attack methods: pretexting, malicious links and malicious attachments.
- Common Attack Methods: Explore the common phishing attack methods: pretexting, malicious links and malicious attachments.
- Dangers of Password Reuse: Examine how common and dangerous password reuse is, and the reasons why users continue to reuse passwords.
- Intro to Social Engineering: Find out how social engineering attacks work so you can identify them in the future.
- Pretexting: Learn about a specific type of social engineering attack known as a pretexting attack.
- Spotting and Reporting Phishing: Learn how to spot phishing emails and examine why it is essential to report them.
Updated Phishing Kits
We’ve refreshed three existing phishing kits by making updates to both the emails and the corresponding landing pages to make them more convincing and realistic. The refreshed kits include:
- Norton – Free Offer
- Xfinity – You’re Receiving a Credit
- Word Health Organization – Safety Measures
Find the new videos and updated kits in the Training and Phishing portals of BullPhish ID, respectively.
New Phishing Kits Added to BullPhish ID’s Phishing Simulation Lineup
The BullPhish ID team has added four brand-new phishing kits to the already extensive phishing simulation library. These kits are especially relevant to our Australian customers as they feature service providers and institutions that businesses and individuals in the region commonly interact with:
- EnergyAustralia – View your electricity bill
- Australia Post – Your package is on hold
- National Australia Bank – Account verification
- CommonwealthBank – Confirm your account
New Option to Enforce Log In With KaseyaOne; 30+ New and Updated Phishing Kits for Your Campaigns
New Feature: Require Log In With KaseyaOne
The Require Log In With KaseyaOne feature forces users to log in with their KaseyaOne credentials to access BullPhish ID. When the feature is enabled by an organization, users can no longer log in to BullPhish ID locally with their BullPhish ID credentials.
Enabling the Require Log In With KaseyaOne feature allows users to authenticate their KaseyaOne modules using just one set of credentials. This provides a smoother user experience and increased security.
You can select which users you want to provide an exception to this requirement. The selected users will be able to log in to BullPhish ID with their BullPhish ID credentials while still having the option to log in using the KaseyaOne login method
The Require Log In With KaseyaOne feature is available on the Organizations > Settings page. KaseyaOne Unified Login must be enabled to activate the Require Log In With KaseyaOne feature.
New & Updated Phishing Kits to Guarantee Effective Anti-Phishing Exercises
In the past few weeks, the BullPhish ID team has created four new kits and overhauled 27 existing kits to keep them fresh and realistic.
Take advantage of these incredibly convincing phishing simulation kits to train your users to spot phishing attempts in a safe setting.
Brand New Kits:
- Southwest Airlines - Discount Offer
- Barclays - Ultimate Prize
- Office 365 - Employee Benefits Package
- HSBC - Security Improvement v2
Updated Kits:
- USPS - Mail-In Ballot
- USPS - Delivery Notification
- State Farm - Discount Offer
- Vote.Org - Donate to Election
- Venmo - Gift Card Offer
- Venmo - New Device Alert
- Spotify - Account Suspended
- Twitter - Locked Account
- Tigerpaw - Assessment Software
- OneDrive - Document Invite
- SharePoint - Remote Work Policy
- MyKaplan - Special Offer
- PayPal - Fraudulent Activity
- Schedulicity - Important Message
- Staples - Invoice Request
- Chase Bank - Account Closed
- iCloud - Storage Full
- McAfee - Antivirus Disabled
- H&R Block - Verify Email
- Office 365 - Password Notification
- Office 365 - Suspicious Login
- Office 365 - Exchange Service Outage
- Office 365 - Suspension Notice
- Office 365 - Re-Authentication Detection
- Netflix - Update Account
- HSBC - Security Improvement v1
- OneDrive - Changes to OneDrive
Find these and all other kits in the Phishing Simulation -> Phishing Kits section of BullPhish ID.
New BullPhish ID Integration Reduces Compliance Data Collection Time
The BullPhish ID and Compliance Manager GRC teams are excited to announce a new integration between their products that reduces time spent collecting compliance-related data.
Customers who have both BullPhish ID and Compliance Manager GRC will now be able to easily collect evidence of security awareness training via an automatic nightly sync. The evidence of training will automatically “attach” to the specific related controls across all standards as part of the controls assessment.
In the past, customers who needed to collect evidence of compliance for standards mandating security awareness training had to manually gather data and identify the controls that require this evidence for compliance audits.
The new BullPhish ID-Compliance Manager GRC integration allows you to:
- Collect training and phishing simulation campaign data as evidence of compliance
- Inject evidence of compliance automatically into related compliance controls and requirements
- Intelligently determine compliance of end clients for related compliance controls and requirements
For details on setting up this integration, please refer to this article.
What else is new in BullPhish ID?
10 updated phishing kits added to our phishing simulations lineup:
- Barclays – Expense Card Options
- Clio – Important Message
- Bank of Cyprus – Account Update
- Binance – Giveaway
- eBay – Suspicious Activity
- eBay – Confirm Account Details
- LinkedIn – Password Reset v2
- Hulu – ToS Update
- Human Resources – Leadership Survey
- Credit Karma – Recent Dispute
BullPhish ID Makes Security Training Even Easier With Automated User Reports
The BullPhish ID team is excited to announce Automated User Reports — a highly requested new feature that enhances product reporting capabilities and user experience.
This feature automates the generation and delivery of end-user reports for phishing and training campaigns within a specified date range. You can schedule these reports for regular distribution, allowing for better tracking and management of campaign progress at the individual user level.
The new automated reporting enables you to save a substantial amount of time that would otherwise be spent on manual report management tasks. On average, our MSP partners invest 4-6 hours per month in the labor-intensive process of manually downloading detailed campaign reports and then compiling and delivering these reports to their clients. With this feature, that time-consuming and repetitive work is eliminated, allowing you to redirect your efforts toward more valuable activities, such as sales and client engagement.
How it works:
-
To set up report automation, go to Automate Report on the left side menu.
-
In the Schedule window, select the SMB organization, your sending profile and time zone, and enter the desired recipients’ email addresses.
-
In the Report Types section, select the reports you want to automate: Business Reports, User Reports or both, and select the report delivery Frequency to indicate the time period for which data is included in the report: weekly, monthly or quarterly.
After this initial setup, the reports will be automatically emailed to the recipients at designated intervals.
For detailed instructions with screenshots, please refer to this KB article.
What else is new in BullPhish ID?
6 new and updated phishing kits added to our phishing simulations lineup:
- Apple: National Security Department (new)
- Microsoft Teams: Message Available v2 (updated)
- UPS: Package Delivered v2 (updated)
- UPS: Package Delivered v3 (updated)
- Zoom: Missed Call (updated)
- Bank of America: Account Suspended (new)
Automatic User Creation; New Phishing Kit, Landing Page and Training Courses Available
The new automatic user creation feature makes setting up new users in BullPhish ID a breeze
We are excited to introduce a new time-saving feature for BullPhish ID customers who have access to KaseyaOne — the customer portal and central hub for all Kaseya modules. After enabling KaseyaOne Unified Login and Automatic User Creation for your organization, your users in KaseyaOne who are granted access to the BullPhish ID module will automatically have a user created in BullPhish ID. The Automatic User Creation feature can be found on the KaseyaOne tab on the organization’s Settings page in BullPhish ID.
Important: The Enable log in with KaseyaOne toggle must be switched on to enable Automatic User Creation.
With the Automatic User Creation feature, you can select a default access role that will be automatically assigned to newly created users. For user role information, refer to the BullPhish ID user roles article. For more information about this new feature, see the article Chapter 2.2: Enabling automatic user creation.
A new phishing simulation kit is now live
The new “Netflix - Free Trial V2” phishing kit is now available.
New landing page for custom phishing kits
A new landing page, called OopsLandingPage, is now available in English for use when creating a custom phishing kit.
When using this landing page in your phishing kit, users will be taken to this page after clicking on the email and the step of taking them to a credential submission page will be skipped. Therefore, the Data Submitted status won’t be tracked, but No Action, Emails Opened and Links Clicked will still be tracked. The new landing page includes guidelines for identifying phishing threats and a link to the video course How to Avoid Phishing Scams.
New video training courses available in multiple languages
New training courses are now available in the BullPhish ID training portal. Introduction to Protecting Credentials: In this course, users can learn simple practices they should follow that make it nearly impossible for cybercriminals to compromise their credentials.
Common Attack Types: Phishing is the most common attack used by cybercriminals to gain access to computer systems. This course examines several common phishing attack types.
The Dangers of Password Sharing: Learn why password sharing is a bad idea and a fast path to a data breach or cyberattack for your organization.
The Basics of Multifactor Authentication: This course examines multifactor authentication and the benefits of implementing it.
Introduction to Phishing (updated version): This course examines the components of phishing, various phishing attack types and the steps to take if you suspect you have received a phishing email.
Below are the course titles in the foreign languages in which they are available (VO means the course is available with a foreign language voiceover):
| English Course Name | Spanish Course Name | French Course Name | Portuguese Course Name | German Course Name | Dutch Course Name |
|---|---|---|---|---|---|
| Introduction to Protecting Credentials | Introducción a la Protección de Credenciales VO | Introduction à la Protection des Identifiants VO | Introdução à Proteção de Credenciais VO | Einführung in den Schutz von Anmeldedaten | Inleiding tot het Beschermen van Toegangsgegevens |
| Common Attack Types | Tipos De Ataque Comunes VO | Types D’attaques Courantes VO | Tipos De Ataque Comuns VO | Häufige Angriffsarten | Veel Voorkomende Aanvallen |
| The Dangers of Password Sharing (English version previously published) | Los peligros de divulgar contraseñas VO | Les dangers liés au partage des mots de passe VO | O risco de compartilhar senhas VO | Gefahren beim Teilen von Kennwörtern | Gevaren van delenvan wachtwoorden |
| The Basics of Multifactor Authentication (English version previously published) | Aspectos Básicos de la Autenticación Multifactor VO | Les Bases de L’authentification Multifactorielle VO | Os Fundamentos da Autenticação Multifactor VO | Die Grundlagen der Multifaktor-Authentifizierung | De Belangrijkste Principes van Multifactorauthenticatie |
| Introduction to Phishing | Introducción al Phishing VO | Introduction а́ L’hameçonnage VO | Introdução ao Phishing VO | Einführung in Phishing | Inleiding tot Phishing |
BullPhish ID Billing Integration With Autotask and Kaseya BMS Saves Time, Streamlines MSP Billing
Customer billing just got easier for managed service providers (MSPs) with the new BullPhish ID integration with Autotask and Kaseya BMS PSAs — IT business management platforms commonly used by MSPs.
The new billing integrations feed MSPs’ BullPhish ID client usage and licensing data into the PSAs, helping partners automate customer invoice creation, save time and ensure their clients are always accurately billed for the security awareness training and phishing simulation services they receive.
In addition to BullPhish ID, both Autotask and BMS have billing integrations with other Kaseya Security and Audit & Compliance products, including Datto EDR, Graphus, RocketCyber and VulScan. The integrated billing eliminates hours of back-office work each month to reconcile usage and create client invoices.
Autotask
BMS
Note that you must have subscriptions to both BullPhish ID and Autotask or Kaseya BMS to enable the billing integration. Please refer to this guide to learn how to configure this functionality in Autotask and to this guide to configure it in BMS.
If you’re not an Autotask or BMS customer and would like to learn how these solutions can help you grow your business and build automated processes to increase profits, start by requesting an Autotask demo or BMS demo.
Updating the Client Secret for Microsoft Azure Integrations
The BullPhish ID team is excited to announce a highly requested product enhancement. For Microsoft Azure integrations, the Client Secret field in the BullPhish ID Directory Settings window is now editable.
After updating the Client Secret in the Directory Settings, there will be no need to worry about existing synced groups getting delinked. BullPhish ID now ensures that these groups will continue to sync effortlessly with the directory.
New Training Course Available
A new training course, “The Basics of Multifactor Authentication," is now available in English in the training portal. This video course is an addition to our Credentials Security series.
The course explains the concept of multifactor authentication and the benefits of implementing it.
For additional details about these and other BullPhish ID product updates, check out this Knowledge Base article.
A Highly-Requested Feature Is Now Live: Add Users to Ongoing Training Campaigns
The BullPhish ID team is excited to announce a new feature that our customers have been asking for: adding new employees (aka targets) to ongoing training campaigns. This feature ensures that new hires are automatically added to any in-progress training as soon as they come on board, reducing campaign management time and increasing the effectiveness of security training programs.
What it is:
Until now, newly hired users could only be added to scheduled BullPhish ID campaigns but not to in-progress campaigns. To train new hires, an administrator needed to create a separate campaign just for those employees. The new feature will eliminate that need and automatically add new employees to all ongoing campaigns.
This new capability saves you time and ensures your training campaigns reach all your employees, making training campaigns smoother and more effective.
How it works:
- On the “View All Training Campaigns” screen, switch on the “Enable continuous target sync” toggle in the top-right corner.
- This will add targets to running campaigns for all organizations belonging to a customer’s account.
- Groups will be synchronized before a campaign is processed in addition to a nightly sync.
For more details on the new feature, refer to this Knowledge Base article.
What else is new in BullPhish ID?
More Flexible MME Subscriptions
In the past, businesses that purchased BullPhish ID MME subscriptions had an arbitrary limit of five organizations within their account. We have now removed that limit, so our MME customers will no longer experience any issues related to this.
New Phishing Simulations Kits Are Live
Four new phishing kits in English and French are available for your phishing simulation campaigns.
FedEx – Package Delivery – v2
FedEx – Package Delivery – v2 (French)
GoDaddy – Payment Processing – v2
GoDaddy – Payment Processing – v2 (French)
New Training Videos Added to the BullPhish ID Course Library
New security awareness training courses are now available in the BullPhish ID training portal.
Social Media Safety
Cybercriminals can use social media to trick people into giving them information or doing things that could hurt their company. In this video, users will learn what to watch out for and how to avoid trouble on social media.
How to Protect Credentials Using Multifactor Authentication
Protecting your credentials is essential to prevent cyberattacks. Users will learn why protecting their credentials, like their passwords, is important and how to do it using multifactor authentication.
The Dangers of Password Sharing
Users will learn why password sharing is a bad idea and can how it can quickly lead to their organization falling victim to a data breach or cyberattack.
Two of the above courses are available in multiple foreign languages. Check the table below for the course titles in different languages.
| English Course Name | Spanish Course Name | French Course Name | Portuguese Course Name | German Course Name | Dutch Course Name |
|---|---|---|---|---|---|
| Social Media Safety | Seguridad en las redes sociales - VO | Sécurité des médias sociaux - VO | Segurança nas redes sociais - VO | Social-Media- Sicherheit | Veiligheid van sociale media |
| How to Protect Credentials Using Multifactor Authentication | Cómo proteger las credenciales usando autenticación multifactor - VO | Comment protéger les renseignements d'identification grâce à l'authentification multifactorielle - VO | Como proteger credenciais usando a autenticação multifator - VO | Schutz von Anmeldedaten mit Multi-Faktor- Authentifizierung | Inloggegevens beschermen met multifactorauthe nticatie |
New Training Videos and Phishing Simulation Kits Available
New Training Videos Added to the BullPhish ID Course Library
- Introduction to Password Security: Learn why password security is more important than you think with a real-life example of the damage cybercriminals can do with one stolen password.
- Ransomware Basics: Learn the basics of ransomware, including how it works and the damage it can do to your company.
Both of these courses are available with English, Latin American Spanish, Canadian French and Brazilian Portuguese voiceovers.
New Phishing Simulation Kits Are Live
Three new phishing kits are available for your phishing simulation campaigns.
- Dropbox ─ Suspicious Login v2
- Microsoft 365 ─ Account Suspended v2
- Microsoft ─ Quarantined Email v2
New BullPhish ID-IT Glue User Sync Simplifies Onboarding and Campaign Management
We are excited to announce a deepened workflow integration between BullPhish ID and IT Glue. The new integration adds the ability to sync contacts from IT Glue into BullPhish ID on top of the existing SMB org sync capability released last year, making your customer onboarding and campaign management in BullPhish ID even easier.
What it is:
Leveraging the IT Glue API, this integration expedites onboarding onto BullPhish ID by importing contacts (aka targets) from IT Glue to BullPhish ID, eliminating the need for manual data entry by customers. The BullPhish ID and IT Glue accounts remain linked, so any time you make changes to orgs or contacts on the IT Glue side, the changes automatically sync to BullPhish ID.
How it helps you:
The new integration greatly streamlines the new customer setup and ongoing campaign management within BullPhish ID, making it a great time saver.
Setting up each module and keeping customer and end user contact data up to date means you must constantly update client or employee data in every module you own, resulting in a lot of time spent on redundant tasks. IT Glue will serve as a “source of truth” for BullPhish ID, and any org name and contact changes made in IT Glue will automatically be reflected on the BullPhish ID side.
We encourage you to take a few minutes to set up this integration. Here’s how:
- First, you will need to log in to your IT Glue account, generate an API key for BullPhish ID and copy it.
- Next, log in to your BullPhish ID account, navigate to the Integrations section of the platform, paste the IT Glue API key and click Connect.
- To enable the integration, you will need to select which organizations and contacts you want to import from IT Glue in the “IT Glue Sync Settings” window in BullPhish ID.
- Next, go to the Contacts tab on the Integrations page to enable contact sync for the linked organizations.
- After the changes are saved, the sync will take place immediately, plus the data will automatically sync whenever changes are made in IT Glue.
For details on enabling the BullPhish ID-IT Glue user sync, please refer to this KB article.
Note: You must have subscriptions to both IT Glue and BullPhish ID to enable the integration.
New BullPhish ID User Reports Give You Detailed Campaign Results for Each End User
The BullPhish ID team is excited to announce the availability of new individual user reports that provide the phishing and training campaign status for every end user you manage. You can now easily obtain a single user view for all training/phishing campaigns you manage within a specified period.
To generate an individual user report, select an SMB organization, define a date range and download a CSV report that will display phishing and training campaign results at the user level.
The report will contain the following information:
- Names and email addresses of users that have received a campaign within your selected date range
- The training course/phishing kit name followed by the campaign name, the status of each user/what action they’ve taken and the progress they’ve made with the course/kit
For step-by-step instructions on how to create individual user reports, please check out the BullPhish ID release notes.
New BullPhish ID Enhancements Simplify Campaign Management
The BullPhish ID team is excited to announce a new workflow integration between BullPhish and Passly and new on-premise directory sync capabilities. The new integration streamlines customer onboarding and campaign management in BullPhish ID and advances the Kaseya IT Complete vision by making our product modules work together to simplify the lives of our customers.
If you have both Passly and BullPhish ID:
Customers using both products can now leverage Passly’s Active Directory sync capabilities to quickly onboard customers onto BullPhish ID and create campaigns with up-to-date lists of targets and groups.
Passly will serve as “the user store” for BullPhish ID, so any personnel changes in Active Directory will sync from Passly to BullPhish ID, ensuring an always-accurate list of targets ad groups to train.
To conduct effective security training campaigns, you need a current, accurate list of end users to be trained. The integration with Passly ensures the targets and groups within BullPhish ID are always up to date, greatly simplifying the new SMB organization setup and ongoing campaign management.
How to enable the Passly-BullPhish ID integration:
- First, log in to your Passly account, navigate to the Integration Manager section, generate an API key for BullPhish ID and copy it.
- Next, log in to your BullPhish ID account, navigate to Targets & Groups, then Directories. Click the + Add Directory Sync button to create a sync between an organization and a Passly directory.
- Click here for detailed instruction on enabling the integration.
What else is new?
Another enhancement included in this release is the on-premise Active Directory sync capability via Passly. Previously, BullPhish ID customers with on-premise email platforms couldn’t sync their Active Directory with BullPhish ID and had to create targets and groups manually in BullPhish ID. With the new Passly integration, Active Directory sync is now available for on-prem customers, eliminating the need for manual data entry.
BullPhish ID Rolls Out Multi-Org Phishing Campaigns Feature
The BullPhish ID team is excited to introduce the redesigned campaign process that allows our MSP customers to deploy phishing simulation campaigns to multiple clients simultaneously.
Setting up phishing simulation exercises for each client is a time-consuming task for MSPs. With the new feature, MSPs can now deploy phishing campaigns to multiple customers at the same time, saving hours of labor per month and enhancing their product experience.
Now, you can optimize your campaign creation process by easily creating daily/weekly/bi-weekly/monthly or quarterly campaigns for multiple organizations at once.
For detailed instructions, please refer to the BullPhish ID release notes.
New BullPhish ID Video Training Courses Reflect the Current Cyberthreats
The following new training videos are now available in BullPhish ID in the Training & Awareness section > Training Courses:
Ransomware in Healthcare
This video looks at the elevated risk of ransomware attacks in the healthcare sector, and the impact ransomware attack can have on healthcare organizations and patients.
Business Email Compromise (BEC) – Gift Card Scams
Get to know the signs of a common business email compromise attack — the gift card scam.
Business Email Compromise (BEC): Invoice/Urgent Payment Required Scams
An overview of urgent payment required or invoice scams — a common form of business email compromise fraud. Learn what they look like and what to do if you encounter one.
Business Email Compromise (BEC): Credentials & Data Theft Scams
Learn about business email compromise attacks that aim to obtain credentials or data under false pretenses and what you can do to prevent one from succeeding.
New Integration With IT Glue Simplifies Customer Onboarding for MSPs
The BullPhish ID team is excited to announce a new integration between BullPhish ID and IT Glue, an IT documentation platform and a part of the Kaseya product portfolio. This workflow integration further advances the Kaseya IT Complete vision by making our products work together to simplify the lives of our customers.
Leveraging the IT Glue API, this integration facilitates customer onboarding onto BullPhish ID by importing SMB organizations’ names from IT Glue and creating orgs with the same names in BullPhish ID, reducing the need for manual data entry by MSPs. The SMB organizations will remain linked, so any time an MSP makes changes to the org name in IT Glue, the changes will automatically sync to BullPhish ID.
The new integration greatly simplifies the new SMB organization setup and ongoing customer org management within BullPhish ID, in turn saving time for MSPs. Setting up each new product or keeping organization-related data up to date requires MSPs to manually update customer data in every product they own, which means spending a lot of time on redundant tasks. Fortunately, not anymore. IT Glue will serve as “the source of truth” and any name changes made to the IT Glue organizations will automatically be reflected in BullPhish ID.
To enable the integration:
- Log in to your IT Glue account, generate an API key for BPID and copy it.
- Next, log in to your BullPhish ID account, navigate to the Integrations section of the platform, paste the IT Glue API key and click Connect.
- When the integration is enabled, IT Glue and BullPhish organizations with the same name will be automatically linked.
- In the event an organization was created with a different name in either of the products, you can still manually link them on the Integrations page.
For additional details on the BullPhish ID-IT Glue integration, please refer to this guide.
Note: You must have subscriptions to both IT Glue and BullPhish ID to enable the integration.
New BullPhish ID Cybersecurity Video Training Courses Reflect the Latest Threats
The following new training videos are now available in BullPhish ID in the Training & Awareness section > Training Courses:
Brand Fraud and Spoofing
This video covers brand fraud and spoofing, including the most spoofed brands and what to watch out for to avoid getting caught by this type of phishing.
Social Media Phishing (Angler Phishing)
Learn how cybercriminals phish employees and endanger businesses through social media, including common red flags and what to do if it happens to you.
Executive Impersonation (Whaling)
Learn what a whaling or executive impersonation attack is, who might be the target of such an attack and what to do if you encounter one.
Security for Remote and Hybrid Workers
This video offers an overview of good security behavior for remote and hybrid workers as well as safety tips and examples of what they shouldn’t do.
Also, check out our brand-new compliance training videos available for your training programs now:
PIPEDA: The 10 Principles
The video explains the 10 guiding principles of PIPEDA that all organizations must adhere to remain compliant.
UK GDPR vs. EU GDPR
An overview of the differences between the UK GDPR and EU GDPR laws.
CMMC: Understanding the 5 Maturity Levels
An overview of the requirements for compliance with CMMC certification Levels 1–5.
New Integration With Graphus Saves Time and Ensures 100% Training Email Deliverability
The BullPhish ID team is excited to announce the Advanced Phishing Simulations (aka Drop-A-Phish) release, a major BullPhish ID enhancement that leverages a new integration with Kaseya’s email security solution, Graphus, to eliminate the need for domain whitelisting and ensure 100% campaign deliverability to your end users.
This integration makes conducting phishing simulation exercises and security awareness training campaigns easy and fast for you by removing the need to whitelist sending domains or IP addresses. Instead, the Graphus API gives BullPhish ID the ability to place phishing and training emails directly into end-user inboxes as opposed to sending them through the internet, saving you hours of whitelisting time.
This feature creates a unique advantage for BullPhish ID. Most of our competitors in the phishing simulation training space do not have this capability, so their customers must whitelist the vendors’ sending domains before they can start training their users.
How to Enable:
IMPORTANT: You must have subscriptions to both BullPhish ID and Graphus to enable this integration.
First, log in to Graphus and copy the BullPhish ID API key in the Integrations tab.
Then, go to BullPhish ID and paste the API key in the Integrations tab.
Once the API key is verified, BullPhish ID will sync all organizations with domains that exist in both Graphus and BullPhish ID, and for those organizations, whitelisting will no longer be needed.
Need details? Our Product team put together a KB article on how to enable this integration.
Take advantage of the powerful new workflow integration between BullPhish ID and Graphus today by adding Graphus to your security stack. Not only will you benefit from using best-in-class anti-phishing email security and security awareness training and phishing simulation platforms, you will also gain extra time savings and efficiencies from the integration between them.
BullPhish ID Training Content Now Available Inside Compliance Manager GRC
If you have subscriptions for both BullPhish ID and Compliance Manager GRC, you can now have the best of both worlds by creating evidence of compliance for all your security awareness training programs.
This integration brings 60+ BullPhish ID security awareness training video courses, plus a testing quiz for each, right into the Compliance Manager GRC self-serve end-user portal. Multiple languages are supported.
You get the same kind of controls and reporting on the BullPhish ID training content that you get with the basic Security Awareness Training lesson included with Compliance Manager GRC:
- Assign specific training courses to individuals and/or groups
- Notify end users to log into their branded Compliance Manager portals to access the training content
- Track who has completed viewing the content
- Record results of post-training quizzes
- Generate reports that can be used as evidence of compliance with training requirements.
With the combination of BullPhish ID and Compliance Manager GRC, you have the option to deliver end-user training directly from inside the Compliance Manager GRC self-serve portal, giving you bulletproof visibility into which employees are in compliance with their training requirements, and identify who needs to be called-out to meet their requirements.
Don’t have a subscription to Compliance Manager GRC? Click here to learn more and get a demo.
NEW Compliance Video Courses for Your Training Campaigns
The following new training videos are now available in BullPhish ID in the Training & Awareness section > Training Courses:
Introduction to the UK General Data Protection Regulation
An overview of the seven basic principles of the UK GDPR and penalties for noncompliance.
CMMC 2 (USA): What Information Is Protected and Why
Learn what kind of information is safeguarded by CMMC and why it is important to protect it.
NEW Security Awareness and Compliance Video Courses for Your Training Campaigns
The following new training videos are now available in BullPhish ID in the Training & Awareness section > Training Courses:
- Avoiding Cryptocurrency Risk: Crypto Mining
- NIST Incident Response Overview
- Nation-State Cybercrime: How Employees May Encounter Nation-State Threats
New Feature to Improve Training Campaign Effectiveness
The ID Agent team is excited to introduce Custom Domains, a new BullPhish ID functionality that will enhance the deliverability of training emails and improve the effectiveness of your security awareness training campaigns.
A highly requested enhancement by our customers, the new Custom Domains feature will allow you to use your own domain (or your customer’s domain) as the sending domain for security awareness training/phishing simulation emails. Users will be less likely to ignore, delete or mark training emails as spam because the emails will come from a domain they recognize and trust.
Previously, you had to choose from a fixed set of domains offered by BullPhish ID (for example, @bp-securityawareness.com, @bullphish.com, etc.) to send training campaigns to your end users. Some end users would get suspicious when they received emails from an unfamiliar domain or a domain that had a word “phish” in it. As a result, they often deleted the training emails or marked them as spam and never saw/took the training. Custom Domains will help solve the issue of training emails deliverability and increase your training campaign success.
To enable a custom domain, you need to perform certain configurations within your BullPhish ID product settings as well as make some changes to your DNS records. To make it a smooth experience, we created a guide with details and instructions.
The release went live in the product on March 31, so the feature is available to you to configure and start using immediately.
New Compliance Video Course for Your Training Campaigns
The following new training video is now available in BullPhish ID in the Training & Awareness section > Training Courses:
- Introduction to CMMC
NEW Security Awareness and Compliance Video Courses for Your Training Campaigns
The following new video courses are now available in BullPhish ID under Training & Awareness > Training Courses:
- Zero Trust Security: Introduction & Definition
- NIST CSF: Introduction
- NIST 800-171: Who Is Required to Comply and What Information Is Protected
- PIPEDA Overview
Decoupling from Dark Web ID, New Reporting, New Training Content
The ID Agent team is excited to announce several new features and enhancements to BullPhish ID that will further improve your experience with the product, streamline workflows and increase your productivity.
1. New BullPhish ID Reporting Module, Automated Reporting, Updated Report Design
You can now use the new Reporting menu on the left-hand side of the dashboard to download monthly and quarterly reports. We’ve also automated BullPhish ID reporting so campaign reports can now be generated and sent to end users automatically. No more manual running of one-off reports and then emailing them to clients — set it up once and sit back and relax. The reports will be created and delivered automatically. We’ve also updated the logic and UI of the reports to make them easier to understand and more visually appealing.
You will see a new Reporting menu item on the left-hand side of your admin dashboard, which has two additional options underneath:
- Export Report – Go here to download your monthly and quarterly reports.
- Automate Report – Go here to set up the report delivery schedule for your customers. Enter the email addresses of the desired report recipient(s) within your customer organizations and which reports (monthly or quarterly) you want to start sending automatically. The History tab in the Automate Report section will show all the scheduled reports you’ve created for all orgs.
Types of reports available:
- Monthly reports will be generated on one of the first three days of the following month.
- Quarterly reports will be generated on one of the first three days of the month following a quarter end.
2. Decoupling From Dark Web ID
We have decoupled BullPhish ID and Dark Web ID, which will result in the following changes in the way you interact with our platform:
-
BullPhish ID will now have two login options:
- Via the new BullPhish ID login page https://bullphishid.com
- Via the existing Dark Web ID login page https://secure.darkwebid.com/user/login, which is the current login method for our customers. You can continue using this option if you prefer. You will continue seeing the BullPhish ID tab in the upper right corner of the Dark Web ID platform, so you can jump between the products while remaining logged in and won’t need to log out of Dark Web ID and log in to BullPhish ID to perform tasks in BullPhish ID.
Note that we will not be supporting Passly login on the new BullPhish ID login page. The new login page will have the option to log in via Kaseya’s IT Complete login. However, if you choose to continue logging in to BullPhish ID via Dark Web ID, you can continue to use Passly as your 2FA option.
- Settings Separation
MSPs can now add new clients inside the BullPhish ID dashboard instead of going to Dark Web ID. In addition, Partner and org settings can now be set up and changed in BullPhish ID instead of Dark Web ID. No need to jump between Dark Web ID and BullPhish ID anymore to accomplish admin tasks.
The product user guides are also being updated and will be published inside the platform once ready.
3. NEW Video Training Courses & Phishing Kits for Your Campaigns
The following new video courses are now available in BullPhish ID under Training & Awareness > Training Courses:
-
CREDENTIAL EXPOSURE
- Introduction to Password Security
- How to protect credentials with Multifactor Authentication
-
PCI-DSS
- PCI-DSS Overview
- Best Practices for Maintaining PCI-DSS Compliance
-
RANSOMWARE
- Ransomware Basics
- Ransomware: Downloads and Attachments
-
HIPAA
- Introduction to HIPAA
- Overview of the Privacy and Security Rules
-
COVID-19 – Government Spoofing
-
Sarbanes-Oxley (SOX) Overview
-
GDPR: Rights of Data Subjects: Stored, Processed, Destroyed
-
NIST 800-171: Overview
The following new phishing kits are now available in BullPhish ID under Phishing Simulation > Phishing Kits to help you keep up with the latest threats:
- COVID-19 Free Booster Shot Survey
- COVID-19 Free Booster Shot Invitation
- Microsoft Notice of Delivery
- Walmart Boxing Day
- Boxing Day - Nordstrom
- Office 365 Reauthentication Notification Detection
- MyFax Kit
- Office 365 Password Notification
The kits are customizable and can be modified to suit your clients’ needs.
4. Coming Soon: New How-To Videos
The BullPhish ID team is creating brief in-product video tutorials that will provide helpful instructions for commonly used product features. Here are some of the videos coming in Q1 2022:
- How to Create a Phishing Simulation Campaign
- How to Create an SMB User Account
- How to Brand the Training Portal
- How to Create Groups and Manage Targets
- How to Download Monthly/Quarterly Reports
- How to Automate Monthly & Quarterly Reports
And this is just the beginning. Several new self-help videos will come out every quarter to help you take full advantage of all the BullPhish ID features. Access the videos by clicking on the Tutorials link in the lower left corner of the dashboard.
Need more details? We’ve created an article that describes the new functionalities included in this release – check it out here for additional details and screenshots.
“Resend Training” Functionality Enhancement; Access Restrictions for “Standard SMB” Users; Creating New SMB Users
The behavior of the “Resend Training” button for the Training Module of BullPhish ID has been updated. You will now be able to resend training campaigns to users with the following status: OPENED and CLICKED. It means that people who have opened or started their training(s) can be reminded to complete their training via this new functionality.
Previously, you were only able to resend training campaigns to users who did not receive or open the phishing email (with statuses ‘EMAIL_ERROR’ and ‘SENT status’ only).
We have updated the access privileges of “SMB Standard” users. This user type will now have read-only access on the BullPhish ID Portal. For instance, users with this access type will no longer be able to create/edit or delete any content. MSPs can now allow SMB users to login to BullPhish ID Portal without the risk of them making any configuration changes.
Technical details: The user actions that have been restricted include: update training portal settings, configure invitations, edit custom kits, create/edit or delete training courses, create/edit active directory integration, edit target users, resend training, etc. In a nutshell, an SMB user would need to have the “SMB Privileged’ access to be able to create and manage content for their SMB organization.
An SMB user can be created under Dashboard > SMB Organization by following these steps:
- Click on the Action dropdown on the top right of the screen
- Select Organization Settings
- Selecting this option will open the Users list for the Organization. Selecting “Add User” or “Edit User” opens the user configuration menu.
- Users can be added by First name, Last name and Email. Account Type - either Standard or Privileged can be selected.
- Once the configuration is complete, the Partner Administrator can opt to send a Welcome Email to that user.
Users with access to BullPhish ID training and phishing modules will now be able to access global and custom sending profiles under Settings“ → “Sending Profiles“ menu item depending upon their privileges as follows:
- Partner administrators will be able to view sending profiles (global and custom) for both phishing & training modules belonging to their own and child organizations.
- Partner administrators will be able to create and modify sending profiles for the training module that belongs to their own and child organizations. Sending Profiles for the phishing kits will only be available in view-only mode.
- Partner agent will only be able to view, create and modify training module sending profiles that belong to their child organization(s). Sending Profiles (global and custom) for the phishing kits will only be available in view-only mode.
- “SMB Privileged” users will be able to view, create and modify sending profiles for the training module that belong to their own child organization. Sending Profiles for the phishing kits will only be available in view-only mode.
- “SMB Standard” users will be able to view phishing/training module sending profiles (global and custom) that belong to their own organizations.
Product UI and Navigation and Enhancement
The look and feel of the top navigation panel in BullPhish ID Portal has been updated. You may now access the Product Documentation, Release Notes, Kaseya University, Terms of Use, and Privacy Policy menu items through a single “Help” button denoted by the “?” sign in the top right corner of the dashboard.
User Training Portal in Now Available in French
The Training portal has been translated into French language and you are now able to toggle to French from the default English language.
More Options for Training Course Expiration Time; Save Time with New Campaign Recreate Functionality
Expiration of training courses has now been extended beyond one month. The following options are now available for the “Training Course Expiration” field: “7 Days, 2 Weeks, 1 Month, 2 Months, 3 Months, 6 Months, 9 Months, 1 Year, 2 Years”.
MSPs can now assign trainings to end users which would not expire for up to two years, depending upon the selection they make while creating a campaign.
As a partner administrator, partner agent, owner or SMB Privileged user, you can now recreate and edit a campaign from the “Actions” dropdown under Dashboard > Phishing Simulation Campaigns > Campaign Page.
With this new Recreate functionality, all fields will be auto-populated, and MSPs can use an existing campaign to create new campaigns for other SMB organizations or groups by simply updating the organization and its associated group vs. starting from scratch.
Testing Quiz Enhancements
BullPhish ID now lets partner administrators set a quiz attempt limit in additions to the quiz pass score criteria.
- If the administrator sets the attempt limit switch to “Yes”, they can enter any non-negative value for the attempt limit.
- If a user fails a quiz, their remaining quiz attempts will be displayed in the portal.
- When a user fails a quiz and has no attempts remaining, the course will be marked as “Failed”.
- If the administrator selects “Unlimited Attempts”, then the user will be able to take the training course until they pass.
Assigning Multiple Courses to Users Just Got Easier; New 6-Question Minimum for Quizzes; Set Your Own Test Scoring Criteria
You may now send multiple training courses in one email using the “Schedule Frequency” to “Once”. This would allow MSPs to assign multiple trainings to users in one message.
In all future training courses, the minimum number of testing quiz questions will be six.
- This aids in making scoring easier for both partners and users.
- If a partner administrator attempts to save a quiz with less than six questions attached, the message “A minimum of six questions is required to create a quiz” will appear in red, and the administrator won’t be able to proceed until all six questions are added.
Partner administrators can now configure the quiz scoring criteria in the “Quiz Settings” tab of the Training Portal.
- Under the “Scoring Criteria” section, partner administrators can toggle a switch for “Set Scoring Criteria”
- Selecting “No” allows users to successfully complete the quiz, regardless of the number of correct answers submitted.
- Selecting “Yes” allows partner administrators to select the percentage needed to pass a training quiz by using a slider. The configuration is applied to all future training campaigns by clicking “Save”.
Security & Compliance Training Portal Launched
ID Agent released a significant enhancement to our BullPhish ID solution – the Digital Security & Compliance Training Portal.
The new Training Portal makes it easier and simpler for our MSP clients to:
- Assign, schedule, and monitor progress of their customers’ security training programs
- Offer users a site they can log into to view their required training courses
- Send emails and reminder emails to drive users to their training portal to complete their required courses
- Track and report on trainings that are sent out to ensure all employees are up to date on the required courses and proactively help customers be protected from attacks
- Help customers fulfill their compliance requirements and ensure their employees are following best security and compliance practices
- Create content with additional flexibility and options to go beyond simply having a short video and a quiz