How to use the scenario list?
🎬 A scenario is a tool that allows evaluating an employee's behavior until compromise, i.e., until they enter their credentials into a fake landing page.
A scenario consists of 3️⃣ elements: the phishing email, a credential-harvesting landing page, and a redirect to the training or awareness page that highlights the clues that should have allowed the employee to detect the phishing attempt.
The scenario list is a library of realistic simulations from which to choose to launch a campaign. The choice of scenario is crucial because the more realistic it is, the more challenging the threat will be to detect by your employees.
To access the scenario list, click on the Scenarios tab in the Phishing Simulation category in the navigation menu on the left of your screen.
Filter the scenario library
Know the possible actions on a scenario
Create a new scenario
Understand the difficulty level of a scenario
To display the scenario you are looking for, or the scenarios that match your internal work environment, you can filter the scenario list in different ways.
🟣 Note that when you activate a filter, the selection is fixed. You must click on the filter to disable it.
You have a list of scenarios whose number changes depending on the selected language and the desired difficulty level.
You can also search for a scenario based on the category in which it was placed. Categories correspond either to business sectors or digital work environments.
You can directly search for a scenario by its name using the following search field.
Finally, to access the scenarios you have already duplicated and edited, click on the My Scenarios button.
There are 4 possible actions on a scenario presented in the library.
Preview the email sent to the target.
Preview the credential flight page built to encourage the employee to enter their username and password.
Preview the training page, which is the training page that can be displayed after the compromise of the employee.
4.[ Customize a scenario.](/en/article/how-to-customize-my-phishing-simulation-scenario-4qky02/)
If you have the necessary knowledge in HTML and CSS and you want to create your own scenarios starting from a blank sheet, click on My Scenarios.
You will be able to create the email, the landing page completely autonomously.
Choosing the right level of difficulty can sometimes be difficult without knowing what differentiates the levels from each other.
If you choose a difficult scenario : bad actions devalue the employee's score less strongly, good actions such as reporting are weighted more heavily.
If you choose an easy scenario : bad actions devalue the score very strongly, good actions are normal and expected from the employee and bring them less points.
Arsen offers scenarios between 3 and 5 stars.
The differences will be seen on different points:
- The sending domain name of the email address that can be more or less easy to spot.
- The URL of the landing page to which the target is redirected after clicking on the phishing email can affect the difficulty.
- Spelling mistakes or suspicious connections in foreign countries can vary the difficulty.
- The level of resemblance to an internal tool used daily by your company's employees.
- Finally, the very subject of the scenario and the level of manipulation that follows has an effect on the difficulty. When asked to act in urgency, it is sometimes more difficult to mobilize one's knowledge in the face of the fear of seeing one's session hacked.
A scenario consists of 3️⃣ elements: the phishing email, a credential-harvesting landing page, and a redirect to the training or awareness page that highlights the clues that should have allowed the employee to detect the phishing attempt.
The scenario list is a library of realistic simulations from which to choose to launch a campaign. The choice of scenario is crucial because the more realistic it is, the more challenging the threat will be to detect by your employees.
To access the scenario list, click on the Scenarios tab in the Phishing Simulation category in the navigation menu on the left of your screen.
Summary
Filter the scenario library
Know the possible actions on a scenario
Create a new scenario
Understand the difficulty level of a scenario
Filter the scenario library
To display the scenario you are looking for, or the scenarios that match your internal work environment, you can filter the scenario list in different ways.
🟣 Note that when you activate a filter, the selection is fixed. You must click on the filter to disable it.
You have a list of scenarios whose number changes depending on the selected language and the desired difficulty level.
You can also search for a scenario based on the category in which it was placed. Categories correspond either to business sectors or digital work environments.
You can directly search for a scenario by its name using the following search field.
Finally, to access the scenarios you have already duplicated and edited, click on the My Scenarios button.
Knowing the possible actions on a scenario
There are 4 possible actions on a scenario presented in the library.
Preview the email sent to the target.
Preview the credential flight page built to encourage the employee to enter their username and password.
Preview the training page, which is the training page that can be displayed after the compromise of the employee.
4.[ Customize a scenario.](/en/article/how-to-customize-my-phishing-simulation-scenario-4qky02/)
Create a new scenario
If you have the necessary knowledge in HTML and CSS and you want to create your own scenarios starting from a blank sheet, click on My Scenarios.
You will be able to create the email, the landing page completely autonomously.
Understanding the difficulty level of a scenario
Choosing the right level of difficulty can sometimes be difficult without knowing what differentiates the levels from each other.
If you choose a difficult scenario : bad actions devalue the employee's score less strongly, good actions such as reporting are weighted more heavily.
If you choose an easy scenario : bad actions devalue the score very strongly, good actions are normal and expected from the employee and bring them less points.
Arsen offers scenarios between 3 and 5 stars.
The differences will be seen on different points:
- The sending domain name of the email address that can be more or less easy to spot.
- The URL of the landing page to which the target is redirected after clicking on the phishing email can affect the difficulty.
- Spelling mistakes or suspicious connections in foreign countries can vary the difficulty.
- The level of resemblance to an internal tool used daily by your company's employees.
- Finally, the very subject of the scenario and the level of manipulation that follows has an effect on the difficulty. When asked to act in urgency, it is sometimes more difficult to mobilize one's knowledge in the face of the fear of seeing one's session hacked.
Updated on: 19/08/2024
Thank you!