Phishing campaign creation

Manage, create and test your phishing campaigns with this article

Updated over a week ago

CybSafe gives you the ability to create phishing campaigns that target specific groups of people.

Managing campaigns

To manage your campaigns and settings, navigate to the "PHISH" tab on the left hand menu.

On this page you can:

  • Create a new phishing campaign

  • Create a test campaign

  • Manage your campaigns

On the overview page you will see all phishing campaigns that are currently 'active'. To see any past simulations that have been deactivated, select the 'deactivated' toggle in the top right.

On the overview page you can also un-archive a campaign that has been archived, edit an existing campaign or create a new one.

Creating a new campaign

If you wish to create a new campaign, click “Create phishing campaign”


On the “Configuration” page, you can give the campaign a name. If this is your first time running a campaign with CybSafe, we recommend you read our Phishing science page.

When you click 'next' you will be taken to the page where you select your 'audience'.


By default, campaigns are set to include everyone. You can see the 'expected recipients' in the banner at the bottom. So if you have 7284 people in your organisation, you will see this:

Of course you can also set specific filters for the audience you wish to enrol in a campaign. You can do this by selecting the 'add filter' button.

For example: If you select the filter to be by 'Groups' and you select 'Is in - Finance' this will only include those in the Finance department.

For more information on how to set up groups check out our article on Group management.

Please note: CybSafe schedules when phishing emails are to be sent, which is every Monday. If a new person is added to a group that is included in a phishing campaign, they will start receiving emails the following Monday.

Hitting 'next' will then take you to the email scheduler.


This is where to set:

  1. Start date

  2. Setting a continuous (a) or custom time period (b) campaign

  3. Operating hours

  4. Frequency

1. Start date

Choose when you would like your simulation to start.

2 (a). Continuous campaigns

Selecting 'Never (continuous)' here will mean this campaign will continue to run until you go and edit the campaign to end.

2 (b). Custom campaigns

Selecting 'custom' here will allow you to set an exact end date for the campaign

3. Operating hours

Choose the time boundary (hours of the day) you'd like emails to be sent (GMT). By default this is set to 06:00 GMT and 22:00 GMT.

  • Please note: currently these times are for GMT only, so if you have multiple timezones, we recommend choosing one that most of your people use.

4. Frequency

This is how often people will receive the simulated phishing emails per week.

For granular control over how many phishing emails are sent, we recommend you set this to 'every 1 week'. This will ensure that when you alter the number of emails received, they will all be sent within a seven day period.

Please note: Emails are sent out at random intervals, and not evenly spaced apart. For example if you set a campaign to have seven emails every week, this will not mean that a user is sent one email per day. It is rare, but not impossible, to receive more than one phishing email per day, or to receive none.


This is where you choose the phishing templates you wish to use. You can either use 'Fire & Forget' templates, or select specific templates.

  • Fire & forget - uses all of the top rated templates from the CybSafe template library. You can see which ones are included by the toggle in this menu. If you create your own email template that you'd like to add in, you can do this manually by switching the toggle on.

  • Specific templates - this is where you can choose from all email templates. You will need to go through and individually select which templates you'd like to include.

    • If you have any custom emails that you've created, these will appear here too for you to include.

    • You can filter these by language, status, nature of attack, influence technique, emotional trigger and NIST difficulty score.

    • You can preview the email templates by selecting the 3 dots on the right hand column and selecting 'preview'.


This is your page for final checks. We recommend double checking:

  • The campaign name

  • Number of recipients (nobody wants to be that person who sends a phish to the entire organisation by accident!),

  • Start & end dates

  • Frequency of emails

  • Templates

You can amend some of these details after the campaign goes out though.

Activating your campaign

You now have two options, you can either 'Save draft' or 'Activate'.

If you save as a draft, this will go to your 'deactivated' campaigns library ready for you to activate.

If you hit 'activate' it will be ready to go from the start date you have stated in the 'Schedule' section above.

Creating a test phishing campaign

CybSafe also allows you to test phishing emails deliverability and behaviour by creating a test campaign.

These campaigns will send out a defined number of emails (up to 10) to the administrator that creates the campaign. These phishing emails will have the same behaviour as emails in regular campaigns, and are useful to check allowlisting.

To create a test campaign select "Create test campaign" in the campaigns page.

The configuration page is the same as a normal campaign where you can name the campaign. The default campaign name will have 'Test...' already provided.

On the 'schedule' page you can select how many emails you wish to receive.

On the 'content' page, you can either choose the test to send you emails from the 'Fire & forget' templates or 'select specific templates'. We recommend choosing a number of different templates to avoid receiving the same ones.

After the emails have been sent out you can interact with them and observe their results as you would any other phishing email.

Important note!

When you have completed interacting with your test phishing campaign remember to archive the campaign in the campaign page. Test phishing campaigns will be included in reports if not archived.

Here are some more articles that might help when setting up a campaign:

Archiving & deactivating phishing campaigns

You can do this on the Phishing campaigns page, by selecting the 3 dots on the campaign and selecting 'archive or 'deactivate' shown below.

  • A 'deactivated' campaign has been stopped, but is still visible in phishing reports.

  • An 'archived' campaign is 'deactivated' and will be excluded from your phishing reports.

Please note: You can only archive a campaign once it has been deactivated.

Still have any questions?

If you still have any questions, you can contact the team at and we will be happy to answer any further concerns.

Did this answer your question?