Creating A Phishing Campaign
1. Navigate To Phishing
Before you can create a phishing campaign, you will need to Navigate to phishing
2. Target Domains
Before creating a phishing campaign, please make sure you have verified your target domain.
If you have not set up your target domain; take a look at our guide Adding A Target Domain.
3. Phishing Simulator
In the Phishing Simulator, you will see a table showing phishing campaigns that have been created, as well as their status and action icons.
4. Add A Campaign
To create a campaign, click on the 'Add' button that can be found in the top right corner of the phishing simulator.
5. Campaign Name
You will then be asked to create a campaign name. Enter the name you would like for the phishing campaign.
6. Covert mode
Before you can create a campaign, you will have to decide if you want the campaign to run in covert mode or not.
Covert mode disables the training at the end of the simulated phishing campaign that the end-user would normally be presented. Instead, the end user can view the training in the "phishing results tab" within manage.
To enable covert mode, tick the 'enabling covert mode' box that can be found underneath the campaign name.
7. Create Campaign
After adding a campaign name and deciding if the campaign will run in covert mode, click 'Create'.
8. Phishing Schedule
Once you have created the campaign you will need to set a release schedule for that phishing campaign. To do this, click on the newly created campaign name.
You will then be taken to the phishing simulator schedule overview.
To add a schedule, click the add button that can be found at the far right of the schedule row.
The first step in setting up the simulated phishing campaign schedule is giving the campaign a name.
10. Phishing Template
You will then have to select the template/templates you would like to use in the campaign. Each template needs to be added individually. There is no limit to the number of templates that you can use.
Click the 'Add' button to add the template.
Only one template will be sent per user. All templates are sent at random.
Once you have selected the templates, you will see all the selected templates underneath the template preview.
11. Date and Time
You will then have to set a date and time you would like to send the phishing campaign. If you are sending the campaigns to users in different countries then it will send the campaigns at their local time.
- The timings will only get sent at the local time of different countries if it has been configured for that group.
- We recommend using 5 working days for the phishing campaign. However, it is your choice on how long the campaign runs for.
12. Select groups
You will then have to decide which groups you would like to send the phishing campaign to.
All the groups that have been added to the LMS will appear in the target group. You can select as many groups as you would like or you can select the 'everyone' group.
To add a target group, click the 'Add [+]' button. The list of groups will appear at the bottom.
Once you are happy with the templates, groups and timings you have selected for the campaign click 'add' to complete the process.
After clicking the add button, you will be taken back the main page of the phishing simulator.
Click the 'start' button to start the simulated phishing campaign.
15. Campaign Checklist
Before you can complete the process of starting the simulated phishing campaign, you will be taken to the campaign checklist page.
This is where you will have to confirm the following:
- Website domains have been whitelisted
- Hut Six Mail server has been whitelisted.
16. Begin Campaign
Once the two boxes have been checked and confirmed, click the 'Begin Campaign' button to start the simulated phishing campaign.