InsightPhish is a social engineering application that enables your organization to report suspected phishing attacks and lets your security team build internal campaigns to test awareness. The goal is to help your organization learn to identify the key indicators of a phishing attack and understand what they should do when they detect an attack.
To help achieve these goals, InsightPhish offers two key features:
- Review - Review lets your organization easily report suspicious looking emails to your security team so they can investigate and determine if the email poses a legitimate threat. It eliminates noise so you can focus on responding to real phishing threats and reduces the amount of effort and time it takes to investigate, analyze, and respond to reports of phishing attempts.
- Simulate - Simulate generates authentic looking phishing attacks, which enables you to evaluate your organization's ability to detect and handle malicious emails. You can track your organization's performance over time to determine the effectiveness of your security training programs and learn how you can implement additional educational measures to improve awareness.
The first thing you need to do is create an InsightPhish account. Go here to sign up. After you sign up, you'll receive an email that will let you create a password for your account.
Already have an account? Great! Let's log in to InsightPhish.
To access InsightPhish, go to https://insight.rapid7.com/ and log in with your InsightPhish account credentials.
Now that you've logged in to InsightPhish, you're ready to set up and customize your experience. Here's what you'll need to do next:
- Set up your Review Queue
- Verify your domain for simulated campaigns
- Whitelabel your domain so you can send emails
After you've completed these steps, you'll be ready to start simulating campaigns and reviewing any potentially real reported threats.