Phishing Simulation
Phishing simulation campaigns send controlled, harmless phishing emails to your managed users to measure their susceptibility and reinforce good habits through immediate training.
Campaign Lifecycle
Draft → Active → Completed
| Status | Description |
|---|---|
| Draft | Created but not yet sent |
| Active | Running — emails have been sent or are queued |
| Completed | Campaign closed; final metrics locked |
Creating a Campaign
Navigate to SAT → Phishing Campaigns and click + Create Campaign.
| Field | Description |
|---|---|
| Campaign Name | Internal name for tracking (e.g., "Q2 Executive Spear Phish — Acme") |
| Template Type | The phishing scenario (see below) |
| Target Users | Email addresses of users to target |
Template Types
| Template | Description |
|---|---|
| Credential Harvest | Landing page prompts the user to enter their username and password |
| Malicious Attachment | Email contains a simulated malicious attachment |
| Link Click | Email contains a link; tracking fires when clicked |
| Data Entry | Landing page requests sensitive information (e.g., credit card, SSN) |
| Reply To | Tracks users who reply to the simulated phishing email |
Reporting Metrics
Each completed campaign shows:
| Metric | Description |
|---|---|
| Click Rate | Percentage of target users who clicked the phishing link |
| Report Rate | Percentage of users who reported the email as suspicious |
The overall averages across all campaigns are displayed at the top of the Phishing Campaigns page.
Auto-Enrollment in Remedial Training
Users who click a phishing simulation link are automatically enrolled in a remedial training campaign. This immediate response — education directly following a failure — is the most effective way to improve user behavior.
Safe Harbor Sending
Simulation emails are sent from a dedicated phishing simulation domain to ensure they do not interfere with your clients' real email reputation. The sending domain is isolated from your clients' production email infrastructure.
Campaign Actions
| Button | Available When | Description |
|---|---|---|
| Launch | Draft | Sends or queues emails to all target users |
| Complete | Active | Closes the campaign and locks final metrics |