The BullPhish ID team is excited to announce the availability of new individual user reports that provide the phishing and training campaign status for every end user you manage. You can now easily obtain a single user view for all training/phishing campaigns you manage within a specified period.
To generate an individual user report, select an SMB organization, define a date range and download a CSV report that will display phishing and training campaign results at the user level.
The report will contain the following information:
For step-by-step instructions on how to create individual user reports, please check out the BullPhish ID release notes.
The BullPhish ID team is excited to announce a new workflow integration between BullPhish and Passly and new on-premise directory sync capabilities. The new integration streamlines customer onboarding and campaign management in BullPhish ID and advances the Kaseya IT Complete vision by making our product modules work together to simplify the lives of our customers.
If you have both Passly and BullPhish ID:
Customers using both products can now leverage Passly’s Active Directory sync capabilities to quickly onboard customers onto BullPhish ID and create campaigns with up-to-date lists of targets and groups.
Passly will serve as “the user store” for BullPhish ID, so any personnel changes in Active Directory will sync from Passly to BullPhish ID, ensuring an always-accurate list of targets ad groups to train.
To conduct effective security training campaigns, you need a current, accurate list of end users to be trained. The integration with Passly ensures the targets and groups within BullPhish ID are always up to date, greatly simplifying the new SMB organization setup and ongoing campaign management.
How to enable the Passly-BullPhish ID integration:
Another enhancement included in this release is the on-premise Active Directory sync capability via Passly. Previously, BullPhish ID customers with on-premise email platforms couldn’t sync their Active Directory with BullPhish ID and had to create targets and groups manually in BullPhish ID. With the new Passly integration, Active Directory sync is now available for on-prem customers, eliminating the need for manual data entry.
The BullPhish ID team is excited to introduce the redesigned campaign process that allows our MSP customers to deploy phishing simulation campaigns to multiple clients simultaneously.
Setting up phishing simulation exercises for each client is a time-consuming task for MSPs. With the new feature, MSPs can now deploy phishing campaigns to multiple customers at the same time, saving hours of labor per month and enhancing their product experience.
Now, you can optimize your campaign creation process by easily creating daily/weekly/bi-weekly/monthly or quarterly campaigns for multiple organizations at once.
For detailed instructions, please refer to the BullPhish ID release notes.
The following new training videos are now available in BullPhish ID in the Training & Awareness section > Training Courses:
This video looks at the elevated risk of ransomware attacks in the healthcare sector, and the impact ransomware attack can have on healthcare organizations and patients.
Get to know the signs of a common business email compromise attack — the gift card scam.
An overview of urgent payment required or invoice scams — a common form of business email compromise fraud. Learn what they look like and what to do if you encounter one.
Learn about business email compromise attacks that aim to obtain credentials or data under false pretenses and what you can do to prevent one from succeeding.
The BullPhish ID team is excited to announce a new integration between BullPhish ID and IT Glue, an IT documentation platform and a part of the Kaseya product portfolio. This workflow integration further advances the Kaseya IT Complete vision by making our products work together to simplify the lives of our customers.
Leveraging the IT Glue API, this integration facilitates customer onboarding onto BullPhish ID by importing SMB organizations’ names from IT Glue and creating orgs with the same names in BullPhish ID, reducing the need for manual data entry by MSPs. The SMB organizations will remain linked, so any time an MSP makes changes to the org name in IT Glue, the changes will automatically sync to BullPhish ID.
The new integration greatly simplifies the new SMB organization setup and ongoing customer org management within BullPhish ID, in turn saving time for MSPs. Setting up each new product or keeping organization-related data up to date requires MSPs to manually update customer data in every product they own, which means spending a lot of time on redundant tasks. Fortunately, not anymore. IT Glue will serve as “the source of truth” and any name changes made to the IT Glue organizations will automatically be reflected in BullPhish ID.
To enable the integration:
For additional details on the BullPhish ID-IT Glue integration, please refer to this guide.
Note: You must have subscriptions to both IT Glue and BullPhish ID to enable the integration.
The following new training videos are now available in BullPhish ID in the Training & Awareness section > Training Courses:
Brand Fraud and Spoofing
This video covers brand fraud and spoofing, including the most spoofed brands and what to watch out for to avoid getting caught by this type of phishing.
Social Media Phishing (Angler Phishing)
Learn how cybercriminals phish employees and endanger businesses through social media, including common red flags and what to do if it happens to you.
Executive Impersonation (Whaling)
Learn what a whaling or executive impersonation attack is, who might be the target of such an attack and what to do if you encounter one.
Security for Remote and Hybrid Workers
This video offers an overview of good security behavior for remote and hybrid workers as well as safety tips and examples of what they shouldn’t do.
Also, check out our brand-new compliance training videos available for your training programs now:
PIPEDA: The 10 Principles
The video explains the 10 guiding principles of PIPEDA that all organizations must adhere to remain compliant.
UK GDPR vs. EU GDPR
An overview of the differences between the UK GDPR and EU GDPR laws.
CMMC: Understanding the 5 Maturity Levels
An overview of the requirements for compliance with CMMC certification Levels 1–5.
The BullPhish ID team is excited to announce the Advanced Phishing Simulations (aka Drop-A-Phish) release, a major BullPhish ID enhancement that leverages a new integration with Kaseya’s email security solution, Graphus, to eliminate the need for domain whitelisting and ensure 100% campaign deliverability to your end users.
This integration makes conducting phishing simulation exercises and security awareness training campaigns easy and fast for you by removing the need to whitelist sending domains or IP addresses. Instead, the Graphus API gives BullPhish ID the ability to place phishing and training emails directly into end-user inboxes as opposed to sending them through the internet, saving you hours of whitelisting time.
This feature creates a unique advantage for BullPhish ID. Most of our competitors in the phishing simulation training space do not have this capability, so their customers must whitelist the vendors’ sending domains before they can start training their users.
How to Enable:
IMPORTANT: You must have subscriptions to both BullPhish ID and Graphus to enable this integration.
First, log in to Graphus and copy the BullPhish ID API key in the Integrations tab.
Then, go to BullPhish ID and paste the API key in the Integrations tab.
Once the API key is verified, BullPhish ID will sync all organizations with domains that exist in both Graphus and BullPhish ID, and for those organizations, whitelisting will no longer be needed.
Need details? Our Product team put together a KB article on how to enable this integration.
Take advantage of the powerful new workflow integration between BullPhish ID and Graphus today by adding Graphus to your security stack. Not only will you benefit from using best-in-class anti-phishing email security and security awareness training and phishing simulation platforms, you will also gain extra time savings and efficiencies from the integration between them.
If you have subscriptions for both BullPhish ID and Compliance Manager GRC, you can now have the best of both worlds by creating evidence of compliance for all your security awareness training programs.
This integration brings 60+ BullPhish ID security awareness training video courses, plus a testing quiz for each, right into the Compliance Manager GRC self-serve end-user portal. Multiple languages are supported.
You get the same kind of controls and reporting on the BullPhish ID training content that you get with the basic Security Awareness Training lesson included with Compliance Manager GRC:
With the combination of BullPhish ID and Compliance Manager GRC, you have the option to deliver end-user training directly from inside the Compliance Manager GRC self-serve portal, giving you bulletproof visibility into which employees are in compliance with their training requirements, and identify who needs to be called-out to meet their requirements.
Don’t have a subscription to Compliance Manager GRC? Click here to learn more and get a demo.
The following new training videos are now available in BullPhish ID in the Training & Awareness section > Training Courses:
An overview of the seven basic principles of the UK GDPR and penalties for noncompliance.
Learn what kind of information is safeguarded by CMMC and why it is important to protect it.
The following new training videos are now available in BullPhish ID in the Training & Awareness section > Training Courses:
The ID Agent team is excited to introduce Custom Domains, a new BullPhish ID functionality that will enhance the deliverability of training emails and improve the effectiveness of your security awareness training campaigns.
A highly requested enhancement by our customers, the new Custom Domains feature will allow you to use your own domain (or your customer’s domain) as the sending domain for security awareness training/phishing simulation emails. Users will be less likely to ignore, delete or mark training emails as spam because the emails will come from a domain they recognize and trust.
Previously, you had to choose from a fixed set of domains offered by BullPhish ID (for example, @bp-securityawareness.com, @bullphish.com, etc.) to send training campaigns to your end users. Some end users would get suspicious when they received emails from an unfamiliar domain or a domain that had a word “phish” in it. As a result, they often deleted the training emails or marked them as spam and never saw/took the training. Custom Domains will help solve the issue of training emails deliverability and increase your training campaign success.
To enable a custom domain, you need to perform certain configurations within your BullPhish ID product settings as well as make some changes to your DNS records. To make it a smooth experience, we created a guide with details and instructions.
The release went live in the product on March 31, so the feature is available to you to configure and start using immediately.
The following new training video is now available in BullPhish ID in the Training & Awareness section > Training Courses:
The following new video courses are now available in BullPhish ID under Training & Awareness > Training Courses:
The ID Agent team is excited to announce several new features and enhancements to BullPhish ID that will further improve your experience with the product, streamline workflows and increase your productivity.
1. New BullPhish ID Reporting Module, Automated Reporting, Updated Report Design
You can now use the new Reporting menu on the left-hand side of the dashboard to download monthly and quarterly reports. We’ve also automated BullPhish ID reporting so campaign reports can now be generated and sent to end users automatically. No more manual running of one-off reports and then emailing them to clients — set it up once and sit back and relax. The reports will be created and delivered automatically. We’ve also updated the logic and UI of the reports to make them easier to understand and more visually appealing.
You will see a new Reporting menu item on the left-hand side of your admin dashboard, which has two additional options underneath:
Types of reports available:
2. Decoupling From Dark Web ID
We have decoupled BullPhish ID and Dark Web ID, which will result in the following changes in the way you interact with our platform:
BullPhish ID will now have two login options:
Note that we will not be supporting Passly login on the new BullPhish ID login page. The new login page will have the option to log in via Kaseya’s IT Complete login. However, if you choose to continue logging in to BullPhish ID via Dark Web ID, you can continue to use Passly as your 2FA option.
MSPs can now add new clients inside the BullPhish ID dashboard instead of going to Dark Web ID. In addition, Partner and org settings can now be set up and changed in BullPhish ID instead of Dark Web ID. No need to jump between Dark Web ID and BullPhish ID anymore to accomplish admin tasks.
The product user guides are also being updated and will be published inside the platform once ready.
3. NEW Video Training Courses & Phishing Kits for Your Campaigns
The following new video courses are now available in BullPhish ID under Training & Awareness > Training Courses:
CREDENTIAL EXPOSURE
PCI-DSS
RANSOMWARE
HIPAA
COVID-19 – Government Spoofing
Sarbanes-Oxley (SOX) Overview
GDPR: Rights of Data Subjects: Stored, Processed, Destroyed
NIST 800-171: Overview
The following new phishing kits are now available in BullPhish ID under Phishing Simulation > Phishing Kits to help you keep up with the latest threats:
The kits are customizable and can be modified to suit your clients’ needs.
4. Coming Soon: New How-To Videos
The BullPhish ID team is creating brief in-product video tutorials that will provide helpful instructions for commonly used product features. Here are some of the videos coming in Q1 2022:
And this is just the beginning. Several new self-help videos will come out every quarter to help you take full advantage of all the BullPhish ID features. Access the videos by clicking on the Tutorials link in the lower left corner of the dashboard.
Need more details? We’ve created an article that describes the new functionalities included in this release – check it out here for additional details and screenshots.
The behavior of the “Resend Training” button for the Training Module of BullPhish ID has been updated. You will now be able to resend training campaigns to users with the following status: OPENED and CLICKED. It means that people who have opened or started their training(s) can be reminded to complete their training via this new functionality.
Previously, you were only able to resend training campaigns to users who did not receive or open the phishing email (with statuses ‘EMAIL_ERROR’ and ‘SENT status’ only).
We have updated the access privileges of “SMB Standard” users. This user type will now have read-only access on the BullPhish ID Portal. For instance, users with this access type will no longer be able to create/edit or delete any content. MSPs can now allow SMB users to login to BullPhish ID Portal without the risk of them making any configuration changes.
Technical details: The user actions that have been restricted include: update training portal settings, configure invitations, edit custom kits, create/edit or delete training courses, create/edit active directory integration, edit target users, resend training, etc. In a nutshell, an SMB user would need to have the “SMB Privileged’ access to be able to create and manage content for their SMB organization.
An SMB user can be created under Dashboard > SMB Organization by following these steps:
Users with access to BullPhish ID training and phishing modules will now be able to access global and custom sending profiles under Settings“ → “Sending Profiles“ menu item depending upon their privileges as follows:
The look and feel of the top navigation panel in BullPhish ID Portal has been updated. You may now access the Product Documentation, Release Notes, Kaseya University, Terms of Use, and Privacy Policy menu items through a single “Help” button denoted by the “?” sign in the top right corner of the dashboard.
The Training portal has been translated into French language and you are now able to toggle to French from the default English language.
Expiration of training courses has now been extended beyond one month. The following options are now available for the “Training Course Expiration” field: “7 Days, 2 Weeks, 1 Month, 2 Months, 3 Months, 6 Months, 9 Months, 1 Year, 2 Years”.
MSPs can now assign trainings to end users which would not expire for up to two years, depending upon the selection they make while creating a campaign.
As a partner administrator, partner agent, owner or SMB Privileged user, you can now recreate and edit a campaign from the “Actions” dropdown under Dashboard > Phishing Simulation Campaigns > Campaign Page.
With this new Recreate functionality, all fields will be auto-populated, and MSPs can use an existing campaign to create new campaigns for other SMB organizations or groups by simply updating the organization and its associated group vs. starting from scratch.
BullPhish ID now lets partner administrators set a quiz attempt limit in additions to the quiz pass score criteria.
You may now send multiple training courses in one email using the “Schedule Frequency” to “Once”. This would allow MSPs to assign multiple trainings to users in one message.
In all future training courses, the minimum number of testing quiz questions will be six.
Partner administrators can now configure the quiz scoring criteria in the “Quiz Settings” tab of the Training Portal.
ID Agent released a significant enhancement to our BullPhish ID solution – the Digital Security & Compliance Training Portal.
The new Training Portal makes it easier and simpler for our MSP clients to: