Phishing simulations are essential for cyber security awareness training, helping users recognise and respond to phishing attempts. This guide walks you through the steps to create and publish a phishing simulation.

Navigate to: Phishing → Phish Creation.

Those marked with * are mandatory fields

Settings

Begin by entering the necessary details for your phishing simulation:

• Name*: Give your phish a unique name.
• Language(s)*: Choose up to 46 language(s).
  • ⚠️ Note: Multi-lingual phish cannot use the multiple phish templates functionality.

Simulation

Choose email templates, select relevant learning experiences, personalise your simulation, and complete it with an exit summary and a disclaimer.

Email Template: 

• Email Type*: Choose an email type for your simulation. This selection will apply across all emails in the campaign. In the next step, you’ll either pick a pre-designed template from the library or create your own using the HTML editor.
• Multiple Email Templates: Enable to add multiple templates to your phish.
• Email Template & Learning Experience*: Add email templates, then assign a learning experience to each template.
• Email Attachment: Add a single trackable attachment to your phish simulation.

Exit Summary:
This text will appear after the user has completed the learning experience to further inform them that they have been involved in a phishing simulation.

Disclaimer: 

• Custom Disclaimer: Enabling this optional disclaimer will display the text within the learning experience.

Preview

• Send a Preview: You must preview your Phish Creation, which can be sent to up to 5 users.
• Successful Preview: Once successful, your Phish Creation will be ready to schedule for publishing.
• Failed Preview: Fix any errors and resend the preview to proceed with publishing.

Preview Setup*: Select the users you want to send a preview to.

Launch setup

Set your preferred settings, select target users, and schedule your simulation.

Settings

• Exclude from Reports: Enabling this option will exclude this Phish from Phish Reporting for testing purposes. You can undo this at any time.
• Manage in Campaign: Enabling this will make this Phish available in Campaign creation. Targeting and timing can then only be set during Campaign creation.
• Anonymous Responses: Enabling will anonymise the identity of targets from Phish Reporting, and cannot be undone when published.
• Enable Risk Score: Enabling ensures that this content contributes to your users overall Risk Score.
• Categories*: Categories help control who sees specific Phish in reports, ensuring only the right business users have access to targeted campaigns. Categories can be created and managed in your settings.

Targeting*

Select the users you want to target in your Phish. You can upload a file, choose individually, or do both.

Random Targeting

Automatically allow the system to send phishing emails to a random selection of your chosen percentage of users. To make changes, disable this option, make your updates, and re-enable it before publishing.

Timing

• Immediate Delivery: If enabled, the simulation will begin automatically after clicking Publish. Immediate delivery is not available for campaigns with more than 5,000 targets.
• Time Zone: Choose the time zone in which your campaign should run. All delivery times will follow this setting.
• Schedule Delivery: Schedule your phishing simulation to run over a defined timeframe.
• Date & Time*: Set the date and time for your phish to start. All Phish will be sent out at once.