How to Create a Phishing Campaign

1. Navigate To Phishing

Before you can create a phishing campaign, you will need to Navigate to phishing

2. Target Domains

Before creating a phishing campaign, please make sure you have verified your target domain.

If you have not set up your target domain; take a look at our guide Adding A Target Domain.

3. Phishing Simulator

In the Phishing Simulator, you will see a table showing phishing campaigns that have been created, as well as their status and action icons.

Screenshot of the phishing campaigns

4. Add A Campaign

To create a campaign, click on the 'Add' button that can be found in the top right corner of the phishing simulator.

Screenshot of the add button

5. Campaign Name

You will then be asked to create a campaign name. Enter the name you would like for the phishing campaign.

Screenshot of campaign name

6. Covert mode

Before you can create a campaign, you will have to decide if you want the campaign to run in covert mode or not.

Covert mode disables the training at the end of the simulated phishing campaign that the end-user would normally be presented. Instead, the end user can view the training in the "phishing results tab" within manage.

To enable covert mode, tick the 'enabling covert mode' box that can be found underneath the campaign name.

Screenshot of the covert button

7. Create Campaign

After adding a campaign name and deciding if the campaign will run in covert mode, click 'Create'.

Screenshot of the create button

8. Phishing Schedule

Once you have created the campaign you will need to set a release schedule for that phishing campaign. To do this, click on the newly created campaign name.

You will then be taken to the phishing simulator schedule overview.

To add a schedule, click the add button that can be found at the far right of the schedule row.

Screenshot of the schedule add button

9. Name

The first step in setting up the simulated phishing campaign schedule is giving the campaign a name.

Screenshot of the campaign name

10. Phishing Template

You will then have to select the template/templates you would like to use in the campaign. Each template needs to be added individually. There is no limit to the number of templates that you can use.

Click the 'Add' button to add the template.


Only one template will be sent per user. All templates are sent at random.

Screenshot of Yipee phishing template

Once you have selected the templates, you will see all the selected templates underneath the template preview.

Screenshot of templates list

11. Date and Time

You will then have to set a date and time you would like to send the phishing campaign. If you are sending the campaigns to users in different countries then it will send the campaigns at their local time.


  1. The timings will only get sent at the local time of different countries if it has been configured for that group.
  2. We recommend using 5 working days for the phishing campaign. However, it is your choice on how long the campaign runs for.

Screenshot of tutorial date and time

12. Select groups

You will then have to decide which groups you would like to send the phishing campaign to.

All the groups that have been added to the LMS will appear in the target group. You can select as many groups as you would like or you can select the 'everyone' group.

To add a target group, click the 'Add [+]' button. The list of groups will appear at the bottom.

Screenshot of target groups

13. Add

Once you are happy with the templates, groups and timings you have selected for the campaign click 'add' to complete the process.

Screenshot of the add button

14. Start

After clicking the add button, you will be taken back the main page of the phishing simulator.

Click the 'start' button to start the simulated phishing campaign.

Screenshot of the start button

15. Campaign Checklist

Before you can complete the process of starting the simulated phishing campaign, you will be taken to the campaign checklist page.

This is where you will have to confirm the following:

  1. Website domains have been whitelisted
  2. Hut Six Mail server has been whitelisted.

Screenshot of the campaign confirmation list

16. Begin Campaign

Once the two boxes have been checked and confirmed, click the 'Begin Campaign' button to start the simulated phishing campaign.

Screenshot of the begin campaign button

Enjoyed using our product?

Help us out by leaving a review for on Gartner Peer Insights!

It only takes 5 minutes of your time and every review helps us immensely to reach new clients. Thank you so much.

Related Articles