Phishing simulations are essential for cyber security awareness training, helping users recognise and respond to phishing attempts. This guide walks you through the six steps to create and publish a phishing simulation.

• Navigate to Phishing > Phish Creation.

Step 1: Phish Details

• Begin by entering the necessary details for your phishing simulation.

Required Information:

• Name: Enter a name for the simulation.

• Choose Language(s): Select the preferred language(s) from the drop-down menu. If doing a multi-lingual phish, you cannot use the multiple phish templates functionality.

• Keywords: Prepopulated by default, but you can add your own.

• Description: Provide a brief overview of the simulation.

• Save as Test Data: Exclude this simulation from Phish Reporting if needed.

• Manage in Campaign: Add the phish to a Campaign with other content, such as courses and policies.

• Anonymous Responses: Enable this option to anonymise user identities in reports.

• Categories: Select a category. New ones can be created in Settings.

Step 2: Phish Content

In this step, define the email content for the phishing simulation.

Available Options:

1. Phish Templates: Use prepopulated email templates without modifications.

2. Create Your Own Phish: Design a phishing email from scratch.

3. Customise a Phish Template: Modify an existing template to suit your needs; choose 'Create your own phish', then choose a template you'd like to modify.

Additional Features:

• Multiple Templates: Send a phish campaign with multiple templates - this can be done if using 1 language only.

• Attach Form Data: Test if users enter sensitive information.

• Send Me a Copy: Receive a test version of the email for preview.

Step 3: Email Attachments (Optional)

You can add a spoof attachment to the phishing email to assess if users download it.

To include an attachment, follow the instructions in Add an attachment to a phish.

Step 4: Learning Experience

If a user interacts with the phishing email, they will receive on-point training through the Learning Experience.

Learning Experience Options:

1. HTML: Some HTML experiences can be customised, and you can choose to include embedded Nano videos.

2. Video: Select from our Nano videos.

3. PDF: Choose a PDF as the training content.

4. Upload Your Own PDF: Add a custom PDF training resource.

Customisation:

• Company Logo: Replace the default logo with your organisation's logo.

• Button Text: Users will click this button to confirm they have completed the training.

Note: Some elements may not be available for multi-language simulations.

Step 5: Exit Summary

After completing the Learning Experience, users will see an Exit Summary.

• Customisable Message: Inform users that they have participated in a phishing simulation - Phish - What is an 'Exit Summary'?

• Disclaimer: Add an optional disclaimer within the Learning Experience. 

Step 6: Target

The final step involves scheduling and selecting recipients for the simulation.

Targeting Options:

• UTC: Select the relevant time zone; Daylight Savings is automatically adjusted.

• Start Date: Set the date and time for the first simulation run.

• Random Targeting: Send phishing emails to a random percentage of selected users.

• Stagger: For staggered scheduling, refer to Set up a staggered schedule for phish.

• End Date, Delivery Hours, and Delivery Days: Configure the timeframe for email delivery if using stagger.

• Target Search: Choose users who will receive the phishing email.

Conclusion

By following these six steps, you can create and publish an effective phishing simulation to assess and improve your organisation's cyber security awareness. Regularly updating and refining simulations ensures users stay vigilant against evolving phishing threats.