PhishFortress
    Features

    Phishing Simulation

    Test employee awareness with realistic phishing campaigns

    Security Training

    Interactive modules to educate your team

    Threat Detection

    AI-powered detection of sophisticated phishing attempts

    Incident Response

    Automated workflows to contain and remediate threats

    Solutions

    Financial Services

    Protect sensitive financial data and customer trust

    Healthcare

    Secure patient data and medical systems

    Government

    Defend critical infrastructure and sensitive data

    Education

    Protect student data and research

    Enterprise

    Comprehensive protection for large organizations

    Pricing
    Resources

    Blog

    Latest insights on phishing and security

    Documentation

    Detailed guides and API references

    Webinars

    Educational sessions with security experts

    Case Studies

    Success stories from our customers

    About
    Sign inSign up free
    PhishFortress

    Protecting organizations from sophisticated phishing attacks with AI-powered detection, simulation, and response capabilities.

    Product

    • Features
    • Pricing
    • Security
    • Enterprise
    • Customer Stories

    Resources

    • Documentation
    • Guides
    • API Reference
    • Blog
    • Community

    Company

    • About Us
    • Careers
    • Contact
    • Partners

    © 2026 PhishFortress. All rights reserved.

    Privacy PolicyTerms of ServiceCookie PolicyData Processing Agreement

    Setting Up Your First Phishing Campaign

    A comprehensive step-by-step guide to creating and launching an effective phishing simulation

    Introduction

    Phishing simulations are a critical component of security awareness training. By safely mimicking real-world phishing attacks, you can identify vulnerable users, measure your organization's susceptibility to phishing, and provide immediate education to those who fall for simulated attacks.

    This guide will walk you through creating your first phishing campaign with PhishFortress, from planning to execution and analysis.

    Before You Begin
    Ensure you have completed the account setup process and imported your users into the platform. You should also notify key stakeholders about your plans to conduct phishing simulations.

    Planning Your Campaign

    Before creating your campaign in the platform, it's important to define your objectives and approach:

    Define Your Goals
    What do you want to achieve?
    • Establish baseline phishing susceptibility
    • Test awareness of specific threat types
    • Evaluate effectiveness of recent training
    • Target high-risk departments or roles
    Select Your Approach
    How aggressive should your test be?
    • Difficulty level (easy to sophisticated)
    • Targeted vs. organization-wide
    • Single template vs. multiple templates
    • With or without immediate training
    Important Consideration
    For your first campaign, we recommend starting with a moderate difficulty level and targeting a subset of users. This allows you to gauge reactions and refine your approach before conducting organization-wide simulations.

    Creating Your Campaign

    Follow these steps to create your first phishing campaign in PhishFortress:

    1

    Access Campaign Creator

    Navigate to the Campaigns section in the sidebar and click "Create New Campaign".

    Campaign Creation Screen
    2

    Campaign Details

    Enter the basic information for your campaign:

    • Campaign Name: Choose a descriptive name (e.g., "Q2 2023 Awareness Test")
    • Description: Add details about the campaign's purpose and goals
    • Start Date: When the campaign should begin
    • End Date: When the campaign should conclude (typically 1-2 weeks)
    • Send Time: Choose between immediate, scheduled, or randomized delivery
    3

    Select Template

    Choose a phishing template from the library or create a custom template:

    Browse the template library and filter by category, difficulty, or industry:

    • Password Reset: Simulates IT password reset notifications
    • File Sharing: Mimics document sharing platforms
    • Account Alert: Warns of account issues requiring immediate action
    • Package Delivery: Notification of package delivery or tracking
    • Social Media: Simulates notifications from social platforms
    Template Library
    4

    Target Recipients

    Select which users will receive the phishing simulation:

    • All Users: Send to everyone in your organization
    • Groups: Target specific departments or teams
    • Custom Selection: Handpick individual recipients
    • Random Sample: Select a percentage of users randomly
    User Targeting Interface
    5

    Configure Training

    Set up the training experience for users who click on phishing links:

    • Landing Page: Choose what users see after clicking (warning, training, etc.)
    • Training Module: Assign an immediate training lesson (optional)
    • Feedback Form: Allow users to provide feedback on the simulation
    • Reporting Instructions: Include guidance on how to report real phishing
    Training Landing Page
    6

    Review and Launch

    Review all campaign settings and prepare for launch:

    • Preview Email: See exactly how the phishing email will appear
    • Test Delivery: Send a test email to yourself
    • Verify Settings: Double-check all campaign parameters
    • Launch Campaign: Activate the campaign according to your schedule
    Final Checklist
    • Ensure your IT and support teams are aware of the campaign
    • Verify that executive stakeholders have approved the simulation
    • Check that your landing page includes clear educational content
    • Confirm that tracking is properly configured to collect results

    During the Campaign

    While your campaign is active, monitor its progress and be prepared to address any issues:

    Real-Time Monitoring

    Use the campaign dashboard to track key metrics in real-time:

    • Delivery Rate: Percentage of emails successfully delivered
    • Open Rate: Percentage of recipients who opened the email
    • Click Rate: Percentage of recipients who clicked on phishing links
    • Report Rate: Percentage of recipients who reported the email
    • Credential Submission: Users who entered credentials on landing pages

    Support Preparation

    Be ready to handle questions and concerns:

    • Prepare your IT helpdesk with information about the campaign
    • Create a FAQ document for common questions
    • Monitor support tickets related to the phishing simulation
    • Have a point of contact available for escalations

    Campaign Adjustments

    Be prepared to make changes if necessary:

    • Pause the campaign if critical issues arise
    • Adjust timing if it conflicts with unexpected business events
    • Extend the campaign if delivery rates are lower than expected
    • Add additional recipients if needed

    Analyzing Results

    After your campaign concludes, analyze the results to gain insights and plan next steps:

    Campaign Results Dashboard
    Key Metrics Analysis
    • Overall Susceptibility: Percentage of users who fell for the phish
    • Departmental Comparison: How different teams performed
    • Time Analysis: When most clicks occurred
    • Device Breakdown: Desktop vs. mobile click rates
    • Reporting Rate: How many users reported the phish
    User Behavior Insights
    • Repeat Clickers: Users who clicked multiple times
    • Credential Submission: Users who entered sensitive information
    • Training Completion: Percentage who completed follow-up training
    • Time to Report: How quickly users reported the phish
    • User Feedback: Comments from the feedback form

    Next Steps

    Based on your campaign results, consider these follow-up actions:

    Targeted Training

    Assign additional security awareness training to users who clicked on phishing links, focusing on the specific tactics used in your simulation.

    Executive Reporting

    Create a summary report for leadership highlighting key findings, risk areas, and recommendations for improving security awareness.

    Campaign Schedule

    Develop a regular schedule for phishing simulations, gradually increasing difficulty and varying the tactics used to build comprehensive awareness.

    Policy Review

    Evaluate if your security policies need updates based on campaign findings, particularly around reporting procedures and handling suspicious emails.

    Continuous Improvement
    Security awareness is an ongoing process. Use the insights from each campaign to refine your approach and gradually build a security-conscious culture in your organization.
    Campaign CreationTemplate Library