How to Create a Phishing Campaign
Phishing attacks pose a significant threat to organisations worldwide, making it essential to proactively assess vulnerabilities. Phishing campaigns play a pivotal role in assessing and improving an organisation's resilience against such threats.
Watch our Video Tutorial:
Proactive Preparation:
Before diving into your Security Awareness Training, we recommend the following:
- Run a Preliminary Test Campaign: Conduct a preliminary test campaign involving one or two learners. Confirm with selected learners the receipt of system email notifications on the campaign launch date. This will ensure that your whitelisting and notification settings are correctly configured.
- Launch a Baseline Phishing Test: Understand your organisation's current vulnerability to phishing attacks.
For detailed guidance, explore our How to Launch a Baseline Phishing Test guide.
How to Create a Phishing Campaign
Follow these five simple steps to get started:
Step 1. Create Campaign
- Login into your Admin dashboard.
- Navigate to the 'Phishing' section.
- Click 'Create Campaign'.
Step 2. Select a Template
- Choose from various email templates, including click-only experiences or spoof landing pages.
- Choose the 'Templates' tab.
- Navigate to the template card, and click on the ellipsis menu ('3 dots').
- 'Preview' the templates before making your selection.
- Click the 'Select' option.
Step 3. Choose your Recipients
- Choose to Target 'Everyone', 'Specific Departments', or 'Specific Learners'.
NOTE: Any unlicensed learners at the date of campaign launch will be auto-excluded from phishing campaigns. Keen to include them in the next campaign? No worries – go ahead and renew their licence.
Step 3. Set a Schedule
- Click the 'Calendar' icon icon to select the campaign start date.
- Set the campaign 'Duration' and use the dropdown menu to customise according to your preferences.
Step 4. Select Training Type
- Decide when learners should be notified about the phishing attack.
- Choose from different Training Types based on learner responses.
- When the campaign ends: When the learner clicks/shares info during the phishing simulation they will be redirected to a 404 error page. When the campaign ends the learner will receive an automated email based on their action.
- Just-in-Time Training: When the learner clicks/shares information during the phishing simulation, they will be redirected to a just-in-time training page.
- No Training: When the learner clicks/shares information during the phishing simulation they will be redirected to a 404 error page. No further training interaction is made.
NOTE: Managers may choose not to notify their learners of a phishing campaign at all. This may be used for baseline phishing assessments, where notifications may result in some learners warning others about the ongoing campaign.
Step 5. Complete Setup
- Select the 'Complete Setup' button
- Populate the 'Campaign Name' block field
- Populate 'Description block' field
- Create a spoofed 'Sender Name'. This will change the name displayed in the recipient's mailbox, but it will not change the actual sender's email address or domain.
- Click 'Start Campaign' to launch.
Post-Launch Notifications
- Phishing campaign Notification Emails: A range of notification emails that are sent to Learners as part of a Phishing Campaign, depending on their actions.
- Phishing campaign results: Results of a phishing campaign that recently ended are automatically emailed to the company manager.
For detailed guidance, explore our guide on Overview of System Emails.
If you run into any issues while launching a phishing campaign, let our support team know using the chatbot.