Phishing campaign creation

Set up phishing campaigns to go out to specific people, at times of your choosing, with the emails you want

Ben Robinson avatar
Written by Ben Robinson
Updated this week

CybSafe gives you the ability to create phishing campaigns that target specific groups of people.

Create a campaign

To edit campaign settings, navigate to the "Improve behaviours" tab on the left hand menu.

You will then see an overview page of all phishing campaigns that are active, disabled and archived. You can also un-archive a campaign that has been archived.
From here you can edit an existing campaign or create a new one.

If you wish to create a new campaign, click “Create Phishing Campaign”
You can only archive a campaign if it is disabled. Archiving a campaign will exclude the data from the phishing reports.

You will arrive on the “Create campaign” page as seen below:

Here you can select whether a campaign is active or not (campaigns not set to active will not send out any emails), as well as the name of the campaign.

Also customisable is the rate that emails are sent. You can set how many emails go out and the period of time they go out for.

For example you can configure CybSafe to send out 7 emails every 2 weeks or 3 emails every 4 weeks.

Once you have chosen your settings you can choose to save the campaign there and then. This will mean that everyone that is active on CybSafe (anyone who has been uploaded and not deactivated) will begin to receive phishing emails, regardless if they have logged in or been invited to CybSafe.

It will also mean that the campaign runs continuously, with it ending only when you toggle the “Active” button.

Advanced phishing settings

By selecting “Advanced” you have the option of customising your campaign further still:

Here you can set the campaign period, a start and end date for when you want your campaign to run. You can also set the hours in which you want the phishing emails to go out.

Please note that currently these times are for GMT only, so adjust accordingly for your time zone.

Specific groups can also be chosen to be enrolled in a campaign. If selected then only the chosen groups will receive phishing emails.

For more information on how to set up groups check out our article on Group management.

Finally, you have the option to turn on custom email selection. If this is turned on then you will be able to select which phishing emails you want to include in a specific campaign.

Simply select which emails to include with the checkbox and select “add to campaign”. The chosen emails will then appear on the right hand menu under “Campaign templates”.

To assist you in selecting, you are able to preview both the email itself and the simulated attack website.

Create a test phishing campaign

CybSafe also allows you to test phishing emails deliverability and behaviour by creating a test campaign.

These campaigns will send out a defined number of emails (up to 8) all at once to the administrator that creates the campaign. These phishing emails will have the same behaviour as emails in regular campaigns, and are useful to check allowlisting.

To create a test campaign select "Create test campaign" in the campaigns page.

Then you can name the campaign, alter the amount of emails to be sent, and select any emails to be sent (including custom created ones). If this is left blank it will send a random selection of simulated phishing emails emails

After the emails have been sent out you can interact with them and observe their results as you would any other phishing email.

When you have completed interacting with your test phishing campaign remember to archive the campaign in the campaign page. Test phishing campaigns will be included in reports if not archived.

Precise control over simulation send rate

For granular control over how many phishing emails are sent, we recommend the following:

  1. Set the “period of time” setting to one week. This will ensure that when you alter the “number of emails”, they will all be sent within a seven day period.

  2. Keep “period of time” to one week, unless the required frequency of your campaign is lower than one email per week.

Please note: Emails are sent out at random intervals, and not evenly spaced apart. For example if you set a campaign to have seven emails every week, this will not mean that a user is sent one email per day. It is rare, but not impossible, to receive more than one phishing email per day, or to receive none.

Simulation library and create custom phishing emails

You can also create custom email templates to simulate phishing attacks that are specific to your organisation.

This feature can be found on the 'Simulation library' page. Here you can see the entire list of both CybSafe default and your custom-made email templates.

You can also create your own custom phishing emails to send out in your campaigns. To get started, click "Create a new email".

Here is a sample of the editing page where you can create and design your own custom phishing emails:

You can choose to create the phishing email with our text editor or by using HTML.

Our text editor will allow you to upload images and link to other URL's. You can also include personalisation tokens such as a first or last name that will be dynamically changed depending on the recipient.

Once you have created a custom phishing email, you'll be able to view it in the simulation library and will have your organisation name as the author.

Create AI-powered phishing simulation templates

To save you time you can use AI to build out any bespoke templates.

Click on Create new email, this will open our editor but you may spot a fancy new banner.

Click on Generate.

Simply choose the nature of attack, influence technique, emotional trigger and NIST difficulty score.

You can also give additional context on what you would like you template to be.

Once you are happy click on Generate.

Custom landing pages

Our phishing emails will always have a "landing page" which is a simulated attack website that users are brought to after clicking a link on a simulated phishing email.

You can create your own landing pages from scratch or by editing an existing landing page created by CybSafe.

To do so, head to PHISH > Landing page library. You will find a list of landing pages CybSafe has already created.

From here you can preview or duplicate existing templates. If you duplicate a template it will show at the top of the library. You can then edit the template by clicking the three dots and selecting edit. Alternatively if you want to create a new page from scratch, click "Create a new landing page".

You'll be taken to the above page. From here you can edit the HTML of the page to suit your purposes.

Please ensure you follow the requirements outlined on the page.

After you are finished, select "Create landing page". Your new landing page will appear in the simulation library and you will be able to select it as a landing page when creating custom emails, as outlined earlier in this article.

Custom intervention pages

Our intervention page appears when a user exhibits a high risk action (entering credentials or downloading an attachment) with a simulated phishing email.

The default page includes a short video on phishing emails, an explanation of what has happened and some advice on how to avoid being caught out by them. It will also direct users to the Social engineering module in CybSafe which covers how phishing attacks work.

Administrators have the ability to edit this page to include organisation-specific advice such as referring to specific P&P's or letting your people know who to report suspected phish's to.

To create your own intervention page, go to PHISH > Intervention library.

You will see a list of existing intervention pages. To create a new one select "Create new intervention page".

You will see the HTML editor. Here you can edit the intervention page how you desire.

Once created you can preview your intervention page using the 'preview' button to check it displays correctly. If you're happy with how it looks, click 'create intervention page. It will then show up in the intervention library.

Please note: The intervention page selected will be universal for your whole organisation. Different intervention pages cannot be attached to different emails.

Fire and forget

Have you used our 'fire & forget' feature? It's a continuous, automated campaign that includes the entire library of default CybSafe phishing emails, as well as any custom emails you choose to add.

Please note that CybSafe schedules when phishing emails are to be sent, which is every Monday. If a new person is added to a group that is included in a phishing campaign, they will start receiving emails the following Monday.

Still have any questions?

If you still have any questions, you can contact the team at and we will be happy to answer any further concerns.

Did this answer your question?