Skip to content
PhishSpot Manual

Common Workflows

16.1 Running Your First Campaign

Section titled “16.1 Running Your First Campaign”

Follow these steps to run your first phishing simulation:

  1. Add your contacts via CSV import (Settings → Contacts).

  2. Create at least one group and assign your contacts to it (Settings → Groups).

  3. Verify your sending domain (Settings → Secured Domains).

  4. Browse the template library and find a suitable phishing template (Templates).

  5. Click Quick Launch on the template, or create a new campaign manually (Campaigns → New Campaign).

  6. Walk through the 6-step wizard: configure settings, customize the email, set up the landing page, choose a post-click action, select recipients, and review.

  7. Send a test email to yourself and verify everything looks correct.

  8. Start or schedule the campaign.

  9. Monitor results on the campaign dashboard.

16.2 Ongoing Phishing Program

Section titled “16.2 Ongoing Phishing Program”

For a continuous security awareness program:

  1. Schedule recurring campaigns to automatically repeat at set intervals.

  2. Use different templates each time to test various attack vectors.

  3. Monitor the Trend Dashboard to track improvement over time.

  4. Focus additional training on departments or groups with higher click rates.

  5. Export cumulative reports for quarterly management reviews.

  6. Regularly update your contact list as employees join and leave.

16.3 Responding to High-Risk Users

Section titled “16.3 Responding to High-Risk Users”

When the platform identifies users with high risk scores (red badges):

  1. Review their profile to see which campaigns they fell for.

  2. Check if they completed the assigned training courses.

  3. Consider assigning them to a special group for additional targeted campaigns.

  4. Use the contact filters to find all high-risk users across the organization.