Skip to content
English
More support Sign in
Contact us
  • There are no suggestions because the search field is empty.

Launching a Phishing Campaign

Phishing campaigns target users in 2 ways. Fast Launch: quick setup without settings. Campaign Manager: advanced features for scheduling, target groups, SMTP delay, expiration, scenarios, and randomization.

- Create A Campaign
  - Campaign Settings
  - Phishing Scenarios
  - Target Audience
  - Delivery Settings
  - Campaign Summary
- Reply Tracking
- How to Launch Scenarios Based on Users’ Preferred Language

Create A Campaign

To access the Phishing Campaign Wizard, go to the left-hand menu and select "Phishing Simulator" followed by "Campaign Manager." Look for the "+ NEW" button and click on it. The wizard will then guide you through four areas for configuration and launch and will be described in depth in the following sections:

ℹ️ Before launching a phishing campaign, you must create a target user group on the Company > Target Users > Groups page

         

Campaign Settings

Enter basic information about this campaign. The components of the Campaign Info page are explained below:

Campaign Name
The name of the campaign
Hyper-Personalization

This feature allows you to tailor simulation scenarios based on the recipient’s language preferences. You can choose from two options when launching a campaign:

  •  Send in a manually selected language: Select a specific language to send the scenario to all recipients, regardless of their preferred language settings.
  •  Send in the target users' preferred language: Deliver scenarios in each recipient’s preferred language. If a user has no preferred language set, the scenario will be sent in the company's default language.
Smart Grouping
Users who fail this campaign will be automatically added to the selected target group
Schedule
The date and time of the campaign launch:
  • Send now: Check this box if you want to launch the campaign right away
  • Save for later: Check this box if you want to send the campaign later
  • Schedule for: Check this box to begin the campaign on a specific date.
Duration
Select the time period you want to keep this campaign active
Mark As Test
Select this box if you want to exclude the results of the campaign from the overall company score
Reply Tracking
Enter custom reply-to address to track replies. Please click here to learn more.
         

Phishing Scenarios

Select one scenario to send selected target users or select multiple phishing scenarios to distribute randomly. With the latter feature, choose not just one, but multiple phishing scenarios to deploy randomly among your selected target users. By deploying multiple randomized scenarios, you can replicate a wider range of real-world phishing attacks, keeping your users on their toes and ensuring they stay vigilant against evolving threats.

ℹ️ If multiple scenarios are selected, each user will receive a random scenario from those selected.

ℹ️ When creating Scenarios you can add a tag, for example, monthYear or multiple, for ease of selection when creating a campaign. This is especially helpful when dealing with a large number of scenarios.

Scenarios
Select scenarios to be sent to selected target users.
Type
Filter scenarios according to their method type.

Language
Filter scenarios according to their language.
Difficulty
Filter scenarios according to their difficulty level.

Category
Filter scenarios according to their threat type.
Scenario Distribution

Select how scenarios will be sent to users:

  •  Select scenarios manually: The selected scenarios by the admin will be sent to target users.
  •  Select random scenarios for each user: The platform will randomly select scenarios from the scenarios menu for each user. Use filters (Type, Language, Difficulty, and Category) to list scenarios from which the platform will pick randomly.
  •  Select the same random scenario for all users: The platform will randomly select one scenario from the scenarios menu for all users. Use filters (Type, Language, Difficulty, and Category) to list scenarios from which the platform will pick randomly.
  •  AI Ally selects scenario for each user: If you filter scenarios by Type, Language, Difficulty, or Category and then proceed to select target users, the AI Ally will choose a scenario from the filtered options for each user.
    •  The selection will be based on each user's specific attributes, such as their Phone Number, Timezone, User Agent, Company Country, and Department Name to ensure the most relevant scenario is sent to each user.
    •  As information, Personally Identifiable Information (PII) is never shared with the AI model.
         

Target Audience

Select target groups for your campaign.
Target Audience
Choose one or several recipient groups to send the selected phishing scenarios to.
Limit Recipients
 
  • Send only to users with an active phishing reporter add-in: Select this option to send the campaign only to users with an active phishing reporter plug-in.
  • Send this campaign to randomly selected users: Choose this option to send the phishing campaign to randomly selected users within the target group. You have the option to choose a percentage of the group or a specific number of users.
         

Delivery Settings

Set email delivery options.
The components of the Delivery Settings page are explained below:

ℹ️ Handles thousands to millions of emails per day via SMTP, with a delivery speed of up to 100,000 emails per minute under ideal conditions.

ℹ️ If Direct Email Campaign (DEC) is selected, the sending limit is 130,000 requests per 10 seconds, but this is configurable based on requirements.

Email Delivery
Choose the email delivery settings with the default being SMTP.
Frequency
If you have selected multiple scenarios, you can choose how often you would like to send the scenarios randomly to the selected groups.
Schedule

The date and time of the campaign launch:

  •  Save for later: Check this box if you want to send the campaign later. To send now, click the "Now" button after opening the date and time pop-up.
  •  Schedule for: Check this box to begin the campaign on a specific date.
  •  Enable Region-Aware Time Zone Delivery: Send phishing simulation emails based on the target users' time zones. Users without a defined time zone will receive the email based on the organization's main time zone.
Distribution
 

When you launch a phishing campaign to a large audience, this feature ensures that the emails are not blocked or quarantined by the recipient's email server. It achieves this by distributing the emails over a period of time rather than sending them all at once.

  •  Send emails when the campaign starts: As the campaign begins, emails are immediately dispatched to the selected target users.
  •  Send emails on defined days and hours: You can determine the specific days and times when emails will be delivered to the chosen target users.
    •  Sending limit per batch: Define the quantity of emails you'd like to send to the recipients in each batch during the chosen days and times.
    •  Send emails with delay every: Decide on the duration of the pause between sending each batch, whether it's in seconds, minutes, or hours.

The system will automatically determine and show you the duration required to send the campaign to the designated number of recipients based on your chosen settings.
         

Campaign Summary

All of the details of the phishing campaign are easily accessible on one page, along with a preview of the phishing scenario and the landing page.
The components of the Campaign Summary page are explained below:
Campaign Info
The name of the campaign, the difficulty level, and the phishing technique employed. (Data Submission, Click only, Attachment)
Settings
Date and time of the campaign, the number of emails to be sent, and the email delivery info
Other
Other additional enabled settings will appear here such as the "mark as test" option if selected.
Target Users
The target users who will receive the phishing email.
Click on Preview to see the target users count and target user groups.
Email that will be sent to users
 
The phishing email template selected for the campaign 

Click Preview to see how it will be displayed in the target users’ inboxes
Landing page for users who click on the phishing link
The landing page template selected for the campaign. 

Click Preview to see how it will be displayed in the target users’ browsers
Schedule
By enabling the frequency feature, you can view the date and time when the scenarios will be delivered to the selected groups.
Click Start to launch the campaign.
Click Cancel to rescind all of the actions, then click Quit in the pop-up window. If you want to make additional edits, click Continue Editing.

Reply Tracking

The "Reply Tracking" feature allows system administrators to monitor and identify users who respond to phishing simulation emails. This not only helps in evaluating employee awareness but also provides valuable insights into how users engage with suspicious emails. By understanding user behavior, organizations can tailor their training efforts and mitigate potential risks more effectively.

Why Use the Reply Tracking Feature?

  •  Identify High-Risk Users: Track which employees engage with phishing emails by replying, so you can provide targeted training to address their vulnerabilities.
  •  Gain Behavioral Insights: Understand what employees typically write when responding to phishing emails, which can reveal potential patterns of risky behavior.
  •  Improve Security Awareness: Use the data collected to refine your awareness campaigns and educate employees on best practices for handling suspicious emails.

How to Enable and Use the Reply Tracking Feature

Follow the steps below to enable and utilize this feature:

  1.  Navigate to Phishing Simulator > Campaign Manager, then click the + NEW button.
  2.  Fill in the required fields. For more details on setting up a campaign, refer to the beginning of the documentation.
  3.  Enable the "Reply Tracking" option.
  4.  Enter a custom email name and select one of the simulation domains provided by the platform.
  5.  To review the content of reply emails, enable the "Save reply email content for review" option. This allows you to view the content of the replies directly in the campaign report.
  6.  Click Next and select the scenario you wish to launch for your employees.
  7.  Configure the remaining settings as needed. For detailed guidance, refer to the "Create a Campaign" section in the documentation.

Once your campaign is live, any employee who replies to the simulation email will appear in the campaign report under the Replied menu. You can review the details of their replies if you have enabled the "Save reply email content for review" option.

For more information about campaign reports, refer to the full documentation here.

How to Launch Scenarios Based on Users’ Preferred Language

The Preferred Language feature allows you to send phishing simulation scenarios in each recipient’s preferred language. If a preferred language is not set, the system will default to the company's preferred language.

Setting Up Preferred Languages for Users

Before launching a campaign with this feature, you must assign preferred languages to users:

  1.  Navigate to Company > Target Users.
  2.  Assign a preferred language to each user.
  3.  Add these users into a Target Group.
Enabling Preferred Language in a Campaign

To launch a campaign using this feature:

  1.  Navigate to Phishing Simulator > Campaign Manager.
  2.  Click the + NEW button to create a new campaign.
  3.  In the Hyper-Personalization section, select:
    •  "Send in the target users’ preferred language" → The system will send scenarios in each recipient’s preferred language. If no preferred language is set, the company's default language will be used.
  4.  Complete the remaining campaign fields and settings as needed.
  5.  Click Next to proceed through scenario selection, target groups, and other customizations.
  6.  Click Launch to start the campaign.
How Scenarios Are Assigned Based on Language
  •  If a scenario is available in the user's preferred language, they will receive that version.
  •  If a scenario is not available in the user’s preferred language, the system will send the scenario in the company’s default language.
  •  If no scenario matches either the user's preferred language or the company’s default language, the system will prompt you to select appropriate language versions before launch.

This ensures that users receive scenarios in the most relevant language for them, improving the effectiveness of phishing simulations.

 
Have questions or need assistance? Feel free to submit a request via our Contact Us page.