Table of Contents
Every campaign needs a recipient group to work. The recipient group is the users who receive the attack simulation or awareness content. You can create multiple groups for a single campaign. Groups can be used within Compliantly to target users with specific phishing or training campaigns. Many organizations start by grouping users by department, location (if you have multiple office locations), or even domains (if there are multiple domains). The recipients can be in any number of groups and you can set up an unlimited number of groups.
How to Enter Your Recipients?
Recipients and groups can be configured under Settings → Recipients.
You can either add them manually (1), import them (2), or search the internet by using the “SCAN FEATURE” (3). The groups are always defined globally and you can re-use them among different campaigns.
We recommend importing them because it will enable you to create a custom text file with additional information about each target user (e.g. defining the division or location where they work). This information can later be used for automatic analysis and statistics. The more information you provide, the better.
Note: Searching the internet without a Bing or Google API won't get you the same results as if you searched directly with a search engine.
SYNTAX: Compliantly requires a special syntax. Otherwise, it will throw an error. In an awareness or phishing campaign which is sent via email, it will need at least the mail address as a mandatory field. All other fields are voluntary.
The import file should contain one recipient per line. Each record should consist of 1 to 12 columns separated by the colon (:) or semi-colon symbol (;). All columns, except for the first one, are optional. If you want to skip the column value, just don't type anything between column separators (:). You can skip the columns at the end of the record – for example, if you have only Email and Name, you can just specify these 2 columns. The email address is mandatory for the Recipient list. All other fields (like Name) are compulsory. If you want to send a personalized email (using the %name% variable within the email or landing page) you need to define the Name field too. The possible columns are:
1.Email – Recipient's e-mail address
2.Full Name – Recipient's full name
3.Staff – Job position or related to that
4.Location – Recipient's location
5.Division – Company division
6.Comment – Any custom comment
7.Link – Unique link part for the Landing Page. Only use this if access to the internet by clicking on a link in an email is not possible (e.g. if you use some terminal client or a separate browser to access the internet). More information about this can be found here.
8.Phone – Recipient's phone number
9.Language – Recipient's language
10.Gender – Recipient's gender.(“m” – Male; “f” – Female)
11.First Name – Recipient's first name
12.Last Name – Recipient's last name
Also in Compliantly, it is possible to add Custom Fields to recipient groups. So if there are any custom fields one has to add values for these fields by adding columns to the end of the line separating them with colons or semi-colons too.
Note about language: if you upload a recipient group file (txt or CSV) and want to specify the language you need to use the English description (example “Spanish”).
FILE FORMAT: You can import a plain text file (.txt) or CSV (.csv) format and name it as you want.
EXAMPLE: Please note that Sample File is available for download from Import page. Your CSV or TXT file should look something like this:
[email protected]:John Doe:senior consultant:new york:accounting
[email protected]:Marcus Aurelius
Adding multiple groups in a campaign and associating them with a scenario
Compliantly allows you to add multiple groups in one campaign. After you added a group, you will be asked to define:
The default mapping is “campaign and awareness”. This means the user group will receive the phishing simulation and if configured, also the e-learning content. If you wish, you can limit the mapping to “awareness only” or “campaign only”. If you for example configure “campaign only”, the according group would only get the attack simulation, but no e-learning.
The scenario association can be used to control, which group gets which attack scenario. In the screenshot, you see (2) that all the available scenarios added to the campaign will be displayed. Example: If you select 2 scenarios with a specific group, each user from this group will get two emails (one from scenario 1 and one from scenario 2). If you don't want the users to get multiple emails, you can enable the checkbox “Distribute users over selected scenarios”. Compliantly will then randomly split the users over the selected scenarios. Every user will get a unique single attack and no user will be attacked with the same scenario twice. If you want to control the distribution of receivers even more deeply, you would have to create a scheduler rule. This allows the distribution to be even more complex.
Adding recipients to a running campaign
In Compliantly you can add recipients to a running campaign. Please click here to read more.
Automatic adding of recipients in a group (LDAP SYNC)
You can add your recipients by an LDAP server. How to set up LDAP you can find here LDAP Integration.
Note, this configuration will not be active if there are global settings for recipients import disabled.
Recipient group associations
If you have multiple recipient groups with the same name (this can happen if you, for example, copy a campaign with recipients), use this procedure to find the correct group/campaign association:
Step 1: Go to your campaign under “recipients”
Step 2: Click on the recipient link to get to the associated group
Step 3: Rename your group in order to identify it better
As an alternative, you can also hover over the link and look at the group ID. When you hover over the groups within the generic recipient settings, you will see also the corresponding ID's.
Compliantly is able to deal with multiple languages within the same recipient group. It is not necessary to define different groups for each language. Please consult this section for more information.
Identify recipients that have been already tested
Compliantly allows you to identify recipients that have been previously tested. If you click on the recipient group details you will notice that there is a column called “already tested” which shows you the last date this user has been tested.
After importing your mail recipients you will see a search field that allows you to search & filter specific emails in your list:
Disable recipients from a group within a campaign
You can load a group into Compliantly and then uncheck users, you don't want to test or train in this specific campaign. Just click on the according to the checkbox:
Recipient actions within a running campaign
Under the statistics/recipient tab, you will have a table view of all recipients used in a campaign. In the last column you can (1) re-send an attack to a specific user, (2) edit the user's details or (3) remove the user stats from the specific campaign:
Compliantly allows you to copy one or multiple recipients from one group to another group (new or existing).
Compliantly will create an import error log which will help you to quickly identify import errors with mail addresses that had a syntax error. For Compliantly please click here. Please note, that Compliantly cannot handle the wrong syntax. Also, don't use header lines. Duplicate or wrong entries will not be imported.
Custom Recipient Fields
In Compliantly you have the ability to create custom recipient fields. You can add any new recipient attribute you want (e.g. city, gender, education, etc.). Those attributes can be used for using customized statistics in Compliantly (dashboard filters or raw exports).
In order to create a new custom field go to recipients. Under the recipient link you will find the “custom field” link:
The new recipient attribute (can be freely chosen) is then added as a new attribute in the recipient list:
E-Mail Scanning Feature (E-Mail Spider)
Under the recipient tab, you find an option to scan for mail addresses on the internet.
We use different sources like Bing or Google.
Analysis of the campaign based on recipient attributes
All attributes defined within the Recipient group can be analyzed within the campaign statistics or data exports: