BullPhish ID Updates

February 09, 2023

New BullPhish ID User Reports Give You Detailed Campaign Results for Each End User

The BullPhish ID team is excited to announce the availability of new individual user reports that provide the phishing and training campaign status for every end user you manage.​ You can now easily obtain a single user view for all training/phishing campaigns you manage within a specified period.​

To generate an individual user report, select an SMB organization, define a date range and download a CSV report that will display phishing and training campaign results at the user level.

The report will contain the following information:

  • Names and email addresses of users that have received a campaign within your selected date range
  • The training course/phishing kit name followed by the campaign name, the status of each user/what action they’ve taken and the progress they’ve made with the course/kit

For step-by-step instructions on how to create individual user reports, please check out the BullPhish ID release notes.

January 06, 2023

New BullPhish ID Enhancements Simplify Campaign Management

The BullPhish ID team is excited to announce a new workflow integration between BullPhish and Passly and new on-premise directory sync capabilities. The new integration streamlines customer onboarding and campaign management in BullPhish ID and advances the Kaseya IT Complete vision by making our product modules work together to simplify the lives of our customers.

If you have both Passly and BullPhish ID:

Customers using both products can now leverage Passly’s Active Directory sync capabilities to quickly onboard customers onto BullPhish ID and create campaigns with up-to-date lists of targets and groups.

Passly will serve as “the user store” for BullPhish ID, so any personnel changes in Active Directory will sync from Passly to BullPhish ID, ensuring an always-accurate list of targets ad groups to train.

To conduct effective security training campaigns, you need a current, accurate list of end users to be trained. The integration with Passly ensures the targets and groups within BullPhish ID are always up to date, greatly simplifying the new SMB organization setup and ongoing campaign management.

How to enable the Passly-BullPhish ID integration:

  • First, log in to your Passly account, navigate to the Integration Manager section, generate an API key for BullPhish ID and copy it.
  • Next, log in to your BullPhish ID account, navigate to Targets & Groups, then Directories. Click the + Add Directory Sync button to create a sync between an organization and a Passly directory.
  • Click here for detailed instruction on enabling the integration.

What else is new?

Another enhancement included in this release is the on-premise Active Directory sync capability via Passly. Previously, BullPhish ID customers with on-premise email platforms couldn’t sync their Active Directory with BullPhish ID and had to create targets and groups manually in BullPhish ID. With the new Passly integration, Active Directory sync is now available for on-prem customers, eliminating the need for manual data entry.

December 15, 2022

BullPhish ID Rolls Out Multi-Org Phishing Campaigns Feature

The BullPhish ID team is excited to introduce the redesigned campaign process that allows our MSP customers to deploy phishing simulation campaigns to multiple clients simultaneously.

Setting up phishing simulation exercises for each client is a time-consuming task for MSPs. With the new feature, MSPs can now deploy phishing campaigns to multiple customers at the same time, saving hours of labor per month and enhancing their product experience.

Now, you can optimize your campaign creation process by easily creating daily/weekly/bi-weekly/monthly or quarterly campaigns for multiple organizations at once.

For detailed instructions, please refer to the BullPhish ID release notes.

October 21, 2022

New BullPhish ID Video Training Courses Reflect the Current Cyberthreats

The following new training videos are now available in BullPhish ID in the Training & Awareness section > Training Courses:

Ransomware in Healthcare

This video looks at the elevated risk of ransomware attacks in the healthcare sector, and the impact ransomware attack can have on healthcare organizations and patients.

Business Email Compromise (BEC) – Gift Card Scams

Get to know the signs of a common business email compromise attack — the gift card scam.

Business Email Compromise (BEC): Invoice/Urgent Payment Required Scams

An overview of urgent payment required or invoice scams — a common form of business email compromise fraud. Learn what they look like and what to do if you encounter one.

Business Email Compromise (BEC): Credentials & Data Theft Scams

Learn about business email compromise attacks that aim to obtain credentials or data under false pretenses and what you can do to prevent one from succeeding.

September 24, 2022

New Integration With IT Glue Simplifies Customer Onboarding for MSPs

The BullPhish ID team is excited to announce a new integration between BullPhish ID and IT Glue, an IT documentation platform and a part of the Kaseya product portfolio. This workflow integration further advances the Kaseya IT Complete vision by making our products work together to simplify the lives of our customers.

Leveraging the IT Glue API, this integration facilitates customer onboarding onto BullPhish ID by importing SMB organizations’ names from IT Glue and creating orgs with the same names in BullPhish ID, reducing the need for manual data entry by MSPs. The SMB organizations will remain linked, so any time an MSP makes changes to the org name in IT Glue, the changes will automatically sync to BullPhish ID.

The new integration greatly simplifies the new SMB organization setup and ongoing customer org management within BullPhish ID, in turn saving time for MSPs. Setting up each new product or keeping organization-related data up to date requires MSPs to manually update customer data in every product they own, which means spending a lot of time on redundant tasks. Fortunately, not anymore. IT Glue will serve as “the source of truth” and any name changes made to the IT Glue organizations will automatically be reflected in BullPhish ID.

To enable the integration:

  • Log in to your IT Glue account, generate an API key for BPID and copy it.
  • Next, log in to your BullPhish ID account, navigate to the Integrations section of the platform, paste the IT Glue API key and click Connect.
  • When the integration is enabled, IT Glue and BullPhish organizations with the same name will be automatically linked.
  • In the event an organization was created with a different name in either of the products, you can still manually link them on the Integrations page.

For additional details on the BullPhish ID-IT Glue integration, please refer to this guide.

Note: You must have subscriptions to both IT Glue and BullPhish ID to enable the integration.

August 31, 2022

New BullPhish ID Cybersecurity Video Training Courses Reflect the Latest Threats

The following new training videos are now available in BullPhish ID in the Training & Awareness section > Training Courses:

Brand Fraud and Spoofing

This video covers brand fraud and spoofing, including the most spoofed brands and what to watch out for to avoid getting caught by this type of phishing.

Social Media Phishing (Angler Phishing)

Learn how cybercriminals phish employees and endanger businesses through social media, including common red flags and what to do if it happens to you.

Executive Impersonation (Whaling)

Learn what a whaling or executive impersonation attack is, who might be the target of such an attack and what to do if you encounter one.

Security for Remote and Hybrid Workers

This video offers an overview of good security behavior for remote and hybrid workers as well as safety tips and examples of what they shouldn’t do.

Also, check out our brand-new compliance training videos available for your training programs now:

PIPEDA: The 10 Principles

The video explains the 10 guiding principles of PIPEDA that all organizations must adhere to remain compliant.

UK GDPR vs. EU GDPR

An overview of the differences between the UK GDPR and EU GDPR laws.

CMMC: Understanding the 5 Maturity Levels

An overview of the requirements for compliance with CMMC certification Levels 1–5.

July 01, 2022

New Integration With Graphus Saves Time and Ensures 100% Training Email Deliverability

The BullPhish ID team is excited to announce the Advanced Phishing Simulations (aka Drop-A-Phish) release, a major BullPhish ID enhancement that leverages a new integration with Kaseya’s email security solution, Graphus, to eliminate the need for domain whitelisting and ensure 100% campaign deliverability to your end users.

This integration makes conducting phishing simulation exercises and security awareness training campaigns easy and fast for you by removing the need to whitelist sending domains or IP addresses. Instead, the Graphus API gives BullPhish ID the ability to place phishing and training emails directly into end-user inboxes as opposed to sending them through the internet, saving you hours of whitelisting time.

This feature creates a unique advantage for BullPhish ID. Most of our competitors in the phishing simulation training space do not have this capability, so their customers must whitelist the vendors’ sending domains before they can start training their users.

How to Enable:

IMPORTANT: You must have subscriptions to both BullPhish ID and Graphus to enable this integration.

First, log in to Graphus and copy the BullPhish ID API key in the Integrations tab.

Then, go to BullPhish ID and paste the API key in the Integrations tab.

Once the API key is verified, BullPhish ID will sync all organizations with domains that exist in both Graphus and BullPhish ID, and for those organizations, whitelisting will no longer be needed.

Need details? Our Product team put together a KB article on how to enable this integration.

Take advantage of the powerful new workflow integration between BullPhish ID and Graphus today by adding Graphus to your security stack. Not only will you benefit from using best-in-class anti-phishing email security and security awareness training and phishing simulation platforms, you will also gain extra time savings and efficiencies from the integration between them.

June 15, 2022

BullPhish ID Training Content Now Available Inside Compliance Manager GRC

If you have subscriptions for both BullPhish ID and Compliance Manager GRC, you can now have the best of both worlds by creating evidence of compliance for all your security awareness training programs.

This integration brings 60+ BullPhish ID security awareness training video courses, plus a testing quiz for each, right into the Compliance Manager GRC self-serve end-user portal. Multiple languages are supported.

You get the same kind of controls and reporting on the BullPhish ID training content that you get with the basic Security Awareness Training lesson included with Compliance Manager GRC:

  • Assign specific training courses to individuals and/or groups
  • Notify end users to log into their branded Compliance Manager portals to access the training content
  • Track who has completed viewing the content
  • Record results of post-training quizzes
  • Generate reports that can be used as evidence of compliance with training requirements.

With the combination of BullPhish ID and Compliance Manager GRC, you have the option to deliver end-user training directly from inside the Compliance Manager GRC self-serve portal, giving you bulletproof visibility into which employees are in compliance with their training requirements, and identify who needs to be called-out to meet their requirements.

Don’t have a subscription to Compliance Manager GRC? Click here to learn more and get a demo.

May 31, 2022

NEW Compliance Video Courses for Your Training Campaigns

The following new training videos are now available in BullPhish ID in the Training & Awareness section > Training Courses:

Introduction to the UK General Data Protection Regulation

An overview of the seven basic principles of the UK GDPR and penalties for noncompliance.

CMMC 2 (USA): What Information Is Protected and Why

Learn what kind of information is safeguarded by CMMC and why it is important to protect it.

April 30, 2022

NEW Security Awareness and Compliance Video Courses for Your Training Campaigns

The following new training videos are now available in BullPhish ID in the Training & Awareness section > Training Courses:

  • ​​Avoiding Cryptocurrency Risk: Crypto Mining
  • NIST Incident Response Overview
  • Nation-State Cybercrime: How Employees May Encounter Nation-State Threats
March 31, 2022

New Feature to Improve Training Campaign Effectiveness

The ID Agent team is excited to introduce Custom Domains, a new BullPhish ID functionality that will enhance the deliverability of training emails and improve the effectiveness of your security awareness training campaigns.

A highly requested enhancement by our customers, the new Custom Domains feature will allow you to use your own domain (or your customer’s domain) as the sending domain for security awareness training/phishing simulation emails. Users will be less likely to ignore, delete or mark training emails as spam because the emails will come from a domain they recognize and trust.

Previously, you had to choose from a fixed set of domains offered by BullPhish ID (for example, @bp-securityawareness.com, @bullphish.com, etc.) to send training campaigns to your end users. Some end users would get suspicious when they received emails from an unfamiliar domain or a domain that had a word “phish” in it. As a result, they often deleted the training emails or marked them as spam and never saw/took the training. Custom Domains will help solve the issue of training emails deliverability and increase your training campaign success.

To enable a custom domain, you need to perform certain configurations within your BullPhish ID product settings as well as make some changes to your DNS records. To make it a smooth experience, we created a guide with details and instructions.

The release went live in the product on March 31, so the feature is available to you to configure and start using immediately.

March 31, 2022

New Compliance Video Course for Your Training Campaigns

The following new training video is now available in BullPhish ID in the Training & Awareness section > Training Courses:

  • Introduction to CMMC
February 28, 2022

NEW Security Awareness and Compliance Video Courses for Your Training Campaigns

The following new video courses are now available in BullPhish ID under Training & Awareness > Training Courses: ​​

  • Zero Trust Security: Introduction & Definition
  • NIST CSF: Introduction
  • NIST 800-171: Who Is Required to Comply and What Information Is Protected
  • PIPEDA Overview
January 27, 2022

Decoupling from Dark Web ID, New Reporting, New Training Content

The ID Agent team is excited to announce several new features and enhancements to BullPhish ID that will further improve your experience with the product, streamline workflows and increase your productivity.

1. New BullPhish ID Reporting Module, Automated Reporting, Updated Report Design

You can now use the new Reporting menu on the left-hand side of the dashboard to download monthly and quarterly reports. We’ve also automated BullPhish ID reporting so campaign reports can now be generated and sent to end users automatically. No more manual running of one-off reports and then emailing them to clients — set it up once and sit back and relax. The reports will be created and delivered automatically. We’ve also updated the logic and UI of the reports to make them easier to understand and more visually appealing.

You will see a new Reporting menu item on the left-hand side of your admin dashboard, which has two additional options underneath:

  • Export Report – Go here to download your monthly and quarterly reports.
  • Automate Report – Go here to set up the report delivery schedule for your customers. Enter the email addresses of the desired report recipient(s) within your customer organizations and which reports (monthly or quarterly) you want to start sending automatically. The History tab in the Automate Report section will show all the scheduled reports you’ve created for all orgs.

Types of reports available:

  • Monthly reports will be generated on one of the first three days of the following month.
  • Quarterly reports will be generated on one of the first three days of the month following a quarter end.

2. Decoupling From Dark Web ID

We have decoupled BullPhish ID and Dark Web ID, which will result in the following changes in the way you interact with our platform:

  • BullPhish ID will now have two login options:

    • Via the new BullPhish ID login page https://bullphishid.com
    • Via the existing Dark Web ID login page https://secure.darkwebid.com/user/login, which is the current login method for our customers. You can continue using this option if you prefer. You will continue seeing the BullPhish ID tab in the upper right corner of the Dark Web ID platform, so you can jump between the products while remaining logged in and won’t need to log out of Dark Web ID and log in to BullPhish ID to perform tasks in BullPhish ID.

Note that we will not be supporting Passly login on the new BullPhish ID login page. The new login page will have the option to log in via Kaseya’s IT Complete login. However, if you choose to continue logging in to BullPhish ID via Dark Web ID, you can continue to use Passly as your 2FA option.

  • Settings Separation

MSPs can now add new clients inside the BullPhish ID dashboard instead of going to Dark Web ID. In addition, Partner and org settings can now be set up and changed in BullPhish ID instead of Dark Web ID. No need to jump between Dark Web ID and BullPhish ID anymore to accomplish admin tasks.

The product user guides are also being updated and will be published inside the platform once ready.

3. NEW Video Training Courses & Phishing Kits for Your Campaigns

The following new video courses are now available in BullPhish ID under Training & Awareness > Training Courses:

  • CREDENTIAL EXPOSURE

    • Introduction to Password Security
    • How to protect credentials with Multifactor Authentication
  • PCI-DSS

    • PCI-DSS Overview
    • Best Practices for Maintaining PCI-DSS Compliance
  • RANSOMWARE

    • Ransomware Basics
    • Ransomware: Downloads and Attachments
  • HIPAA

    • Introduction to HIPAA
    • Overview of the Privacy and Security Rules
  • COVID-19 – Government Spoofing

  • Sarbanes-Oxley (SOX) Overview

  • GDPR: Rights of Data Subjects: Stored, Processed, Destroyed

  • NIST 800-171: Overview

The following new phishing kits are now available in BullPhish ID under Phishing Simulation > Phishing Kits to help you keep up with the latest threats:

  • COVID-19 Free Booster Shot Survey
  • COVID-19 Free Booster Shot Invitation
  • Microsoft Notice of Delivery
  • Walmart Boxing Day
  • Boxing Day - Nordstrom
  • Office 365 Reauthentication Notification Detection
  • MyFax Kit
  • Office 365 Password Notification

The kits are customizable and can be modified to suit your clients’ needs.

4. Coming Soon: New How-To Videos

The BullPhish ID team is creating brief in-product video tutorials that will provide helpful instructions for commonly used product features. Here are some of the videos coming in Q1 2022:

  • How to Create a Phishing Simulation Campaign
  • How to Create an SMB User Account
  • How to Brand the Training Portal
  • How to Create Groups and Manage Targets
  • How to Download Monthly/Quarterly Reports
  • How to Automate Monthly & Quarterly Reports

And this is just the beginning. Several new self-help videos will come out every quarter to help you take full advantage of all the BullPhish ID features. Access the videos by clicking on the Tutorials link in the lower left corner of the dashboard.

Need more details? We’ve created an article that describes the new functionalities included in this release – check it out here for additional details and screenshots.

November 15, 2021

“Resend Training” Functionality Enhancement; Access Restrictions for “Standard SMB” Users; Creating New SMB Users

The behavior of the “Resend Training” button for the Training Module of BullPhish ID has been updated. You will now be able to resend training campaigns to users with the following status: OPENED and CLICKED. It means that people who have opened or started their training(s) can be reminded to complete their training via this new functionality.

Previously, you were only able to resend training campaigns to users who did not receive or open the phishing email (with statuses ‘EMAIL_ERROR’ and ‘SENT status’ only).

We have updated the access privileges of “SMB Standard” users. This user type will now have read-only access on the BullPhish ID Portal. For instance, users with this access type will no longer be able to create/edit or delete any content. MSPs can now allow SMB users to login to BullPhish ID Portal without the risk of them making any configuration changes.

Technical details: The user actions that have been restricted include: update training portal settings, configure invitations, edit custom kits, create/edit or delete training courses, create/edit active directory integration, edit target users, resend training, etc. In a nutshell, an SMB user would need to have the “SMB Privileged’ access to be able to create and manage content for their SMB organization.

An SMB user can be created under Dashboard > SMB Organization by following these steps:

  1. Click on the Action dropdown on the top right of the screen
  2. Select Organization Settings
  3. Selecting this option will open the Users list for the Organization. Selecting “Add User” or “Edit User” opens the user configuration menu.
  4. Users can be added by First name, Last name and Email. Account Type - either Standard or Privileged can be selected.
  5. Once the configuration is complete, the Partner Administrator can opt to send a Welcome Email to that user.

Users with access to BullPhish ID training and phishing modules will now be able to access global and custom sending profiles under Settings“ → “Sending Profiles“ menu item depending upon their privileges as follows:

  • Partner administrators will be able to view sending profiles (global and custom) for both phishing & training modules belonging to their own and child organizations.
  • Partner administrators will be able to create and modify sending profiles for the training module that belongs to their own and child organizations. Sending Profiles for the phishing kits will only be available in view-only mode.
  • Partner agent will only be able to view, create and modify training module sending profiles that belong to their child organization(s). Sending Profiles (global and custom) for the phishing kits will only be available in view-only mode.
  • “SMB Privileged” users will be able to view, create and modify sending profiles for the training module that belong to their own child organization. Sending Profiles for the phishing kits will only be available in view-only mode.
  • “SMB Standard” users will be able to view phishing/training module sending profiles (global and custom) that belong to their own organizations.
October 01, 2021

Product UI and Navigation and Enhancement

The look and feel of the top navigation panel in BullPhish ID Portal has been updated. You may now access the Product Documentation, Release Notes, Kaseya University, Terms of Use, and Privacy Policy menu items through a single “Help” button denoted by the “?” sign in the top right corner of the dashboard.

June 15, 2021

User Training Portal in Now Available in French

The Training portal has been translated into French language and you are now able to toggle to French from the default English language.

June 15, 2021

More Options for Training Course Expiration Time; Save Time with New Campaign Recreate Functionality

Expiration of training courses has now been extended beyond one month. The following options are now available for the “Training Course Expiration” field: “7 Days, 2 Weeks, 1 Month, 2 Months, 3 Months, 6 Months, 9 Months, 1 Year, 2 Years”.

MSPs can now assign trainings to end users which would not expire for up to two years, depending upon the selection they make while creating a campaign.

As a partner administrator, partner agent, owner or SMB Privileged user, you can now recreate and edit a campaign from the “Actions” dropdown under Dashboard > Phishing Simulation Campaigns > Campaign Page.

With this new Recreate functionality, all fields will be auto-populated, and MSPs can use an existing campaign to create new campaigns for other SMB organizations or groups by simply updating the organization and its associated group vs. starting from scratch.

April 10, 2021

Testing Quiz Enhancements

BullPhish ID now lets partner administrators set a quiz attempt limit in additions to the quiz pass score criteria.

  • If the administrator sets the attempt limit switch to “Yes”, they can enter any non-negative value for the attempt limit.
  • If a user fails a quiz, their remaining quiz attempts will be displayed in the portal.
  • When a user fails a quiz and has no attempts remaining, the course will be marked as “Failed”.
  • If the administrator selects “Unlimited Attempts”, then the user will be able to take the training course until they pass.
March 01, 2021

Assigning Multiple Courses to Users Just Got Easier; New 6-Question Minimum for Quizzes; Set Your Own Test Scoring Criteria

You may now send multiple training courses in one email using the “Schedule Frequency” to “Once”. This would allow MSPs to assign multiple trainings to users in one message.

In all future training courses, the minimum number of testing quiz questions will be six.

  • This aids in making scoring easier for both partners and users.
  • If a partner administrator attempts to save a quiz with less than six questions attached, the message “A minimum of six questions is required to create a quiz” will appear in red, and the administrator won’t be able to proceed until all six questions are added.

Partner administrators can now configure the quiz scoring criteria in the “Quiz Settings” tab of the Training Portal.

  • Under the “Scoring Criteria” section, partner administrators can toggle a switch for “Set Scoring Criteria”
  • Selecting “No” allows users to successfully complete the quiz, regardless of the number of correct answers submitted.
  • Selecting “Yes” allows partner administrators to select the percentage needed to pass a training quiz by using a slider. The configuration is applied to all future training campaigns by clicking “Save”. 
January 10, 2021

Security & Compliance Training Portal Launched

ID Agent released a significant enhancement to our BullPhish ID solution – the Digital Security & Compliance Training Portal.

The new Training Portal makes it easier and simpler for our MSP clients to:

  • Assign, schedule, and monitor progress of their customers’ security training programs
  • Offer users a site they can log into to view their required training courses
  • Send emails and reminder emails to drive users to their training portal to complete their required courses
  • Track and report on trainings that are sent out to ensure all employees are up to date on the required courses and proactively help customers be protected from attacks
  • Help customers fulfill their compliance requirements and ensure their employees are following best security and compliance practices
  • Create content with additional flexibility and options to go beyond simply having a short video and a quiz