🎣 We are thrilled to announce that our new Phishing Simulator and Chrome extension are available in this release. We also have a few other features we hope you'll find useful. For more information, please see the full release notes.
New features in this release
Download certificates on behalf of users
Admins and training owners can now easily download certificates of completion for users through the Haekka Dashboard. Simply navigate to the training view and select the desired employees. This feature is particularly useful for evidential purposes and is available for users who have completed their training.
Mark users as having completed training
Training owners can now mark employees' training as complete within Haekka. This can be useful for situations where employees need to be assigned to a specific training within Haekka for record-keeping or future training cycles. To do this, navigate to a desired training, select your user(s) and then click "Mark Training as Complete" from the options menu.
We've added the ability to assign users to training based on their association with an Okta group. If you have HRIS access enabled on your account, you can now link your Okta account with Haekka. After doing this, you'll be able to assign users via Okta groups from the training assignment modal.
Report an issue with a lesson
Users can now report an issue with a lesson directly in Slack. For global (non-custom) training, we (Haekka) receive the report. For custom trainings, the training owner will receive the report. This will help us more easily collect feedback and improve training over time.
Slack-integrated Phishing Simulator
After investing considerable effort in 2022, we are excited to unveil our new Slack-integrated phishing simulator.
Campaign Cadence: When creating a new campaign, you can choose from a variety of scheduling options, including sending it immediately, or at random intervals such as every two weeks, month, quarter, six months, or year. This allows you to target high-risk users with more frequent campaigns and low-risk users with less frequent campaigns.
Phishing Templates: Our phishing simulator will launch with 10 new templates, including ones that mimic popular SaaS brands such as Zoom, Google, and Adobe, as well as emails from your HR, finance, and executive team.
Attack Actions: When an attack is launched (an attack is whenever a new phishing email is sent from a campaign), users will receive the phishing email based on whatever template(s) you've selected. If multiple templates exist within a single campaign, Haekka will randomly shuffle the templates in order to avoid simple detection by users. When an employee receives the email, Haekka will record the following actions:
- Do nothing: this occurs when an employee has either deleted, archived, or left the email in their inbox unread.
- Reports the email as phishing: this occurs when an employee reports the phishing email using the Haekka Chrome extension.
- Forwards: this occurs when an employee forwards a phishing email sent from Haekka.
- Opens: this occurs when an employee opens a Haekka phishing email.
- Clicks: this occurs when an employee clicks a link from within a Haekka phishing email.
- Breaches: this occurs when an employee, who has clicked a link and landed on a Haekka phishing landing page, breaches their credentials. We do not store any of this information.
Real-time Training: As employees interact with Haekka's phishing emails, we'll train those employees in real-time depending on their actions.
- If an employee clicks a phishing link, we immediately send them a training lesson in Slack.
- If an employee interacts with a phishing landing page, we immediately send them another warning in Slack, with additional training information.
Phishing is a non-standard feature by default. If you'd like to discuss enabling phishing for your Slack workspace, please contact us here.
Bug fixes and improvements
- Some users were receiving long-term notifications for training that was incomplete, but inactive. This has been fixed.
- When adding a lesson to an existing training, percentages for completed trainings are updated accordingly. However, when removing that lesson the percentages were not being updated. We've fixed this.
- There was a bug in the training catalog that prevented some trainings from being demo-able. We've fixed this.
That's it for now! If you have any questions, please don't hesitate to reach out to us.