Phishing Security Tests

Last updated:

Create and Manage Phishing Campaigns

Note:We’ve added advanced features to phishing templates! All accounts will be opted in to phishing template advanced features in 2025. For more information, see our Phishing Templates Advanced Features Guide.

Phishing campaigns help your organization identify users who are vulnerable to phishing attacks. With phishing campaigns, you can train your users to reduce the chance of them falling for phishing attacks. To learn more about creating phishing campaigns, follow the steps below or watch our Creating Phishing Campaigns video.

Create a Phishing Campaign

Important:Make sure you import your users into the console before creating a phishing campaign. For more information about importing users, see our Users and Groups article.

To create a phishing campaign, go to your KSAT console and navigate to Phishing > +Create Phishing Campaign. On the New Phishing Campaign page, you can customize your phishing campaign.

  1. Campaign Name: Enter a name for your phishing campaign here. This is a required field.
  2. Send to: Select either All Users or Specific Groups to receive your phishing campaign. If you choose Specific Groups, you must select a group from the drop-down menu. This is a required field.
  3. Frequency: Select how often you would like to send Phishing Security Tests (PSTs) for this campaign. If you select One-time, this campaign will send one PST to each user and then finish. We recommend selecting either Bi-weekly or Monthly.
  4. Start Time: Set the date, time, and time zone you would like your phishing campaign to start. Your default time zone is the one set in your Account Settings.
  5. Sending Period: Select when to start sending PSTs. You can choose to send all of the emails at once or over a period of time.
    • Send all emails when the campaign starts: Emails will begin sending as soon as the campaign begins. The timing of sending and delivery will vary, depending on the number of users in the campaign. In most campaigns, all emails will be sent within an hour after the campaign starts. Users will not receive the email at the same time but will receive it on the same day.
    • Send emails over...Selecting this option will send phishing tests to the users at random, during the time period selected. You can enter a number between one and six and pick business days, weeks, or months.

    For more information about sending and tracking periods, see our How to Monitor and Review Phishing Campaigns article.

  6. Define Business Days and Hours: By default, your campaign will only send emails during the business hours set in your Account Settings. You can change the hours your emails are sent by entering a start and end time in this field. You can also choose what days you would like emails to be sent by selecting the date check boxes.
  7. Track Activity: Select how long you would like to track phishing failures after the sending period ends. You can enter a number between one and six and choose from either days, weeks, or months.

    A campaign will track activity until the campaign’s end date. The campaign’s end date is a combination of three values: the date of the first email, the sending duration, and the tracking duration.

    • Date of the first email: This represents the date, in Pacific Standard Time (PST), of the first email sent during the phishing campaign. 
    • Sending duration: This represents the period of time when your phishing campaign emails were all sent out.
    • Tracking duration: This represents the period of time you track emails from your phishing campaign.

    For more information about sending and tracking periods, see our How to Monitor and Review Phishing Campaigns article.

  8. Track Replies to Phishing Emails: Select this check box to track your user’s replies to phishing emails. For more information about tracking replies, see our How to Use Reply-To Phishing article.
  9. Template Topics: Select the phishing template topics you want to use. You can select one or more phishing template topics. By default, no template topics are selected and your templates will be random. This is a required field.
  10. Set Template Language: Use this check box to select the languages you want to use in this phishing campaign. If multiple languages are selected, users will receive templates in any of the selected languages. This setting will override the account’s default phishing language and the language set in the user’s profile. When this check box is selected, the Language Override Selection drop-down menu will appear. You can select a maximum of five languages.
  11. Difficulty Rating: Select the difficulty rating for your phishing campaign from the drop-down menu. For more information about difficulty levels, see our What Are Template Difficulty Ratings and How Can I Use Them? article.
  12. Template Selection: Select what type of template you would like to use. You can select a specific template or use one of our Automated Template Selections: AIDA Selected, Full Random, or Random. For more information, see our Automated Template Selection article. If you selected to use a specific template, the Specific Template drop-down menu will appear.
    Tip:If you’re interested in further customizing your phishing templates, see our Hide Phishing Templates or Categories and KSAT Account Settings: Phishing articles.
  13. Phish Link Domain: Select the domain you would like to display for phishing links in your campaign from the drop-down menu. Each domain is owned by KnowBe4 and is only used for PSTs. By default, this field will select a random domain. For more information on available domains or how to hide a domain from use, see our How to Manage Phish Link Domains article.
  14. Landing Page: Select the landing page you want to use for your phishing campaign from the drop-down menu. Landing pages are what your users see when they fail a phishing test. If you customized a landing page for your campaign, it will be automatically selected in this field. For more information about landing pages, see our How to Change the Landing Page on Your Phishing Campaign and How to Create and Edit Email Templates and Landing Pages articles.
  15. Add Clickers to: Select a user group you want to add your users who failed their phishing tests. For more information about setting up remedial training, see our How to Set Up a Remedial Training Campaign article.
  16. Send an email report to account admins after each phishing test: Select this check box to automatically send a report to all account admins each time a phishing test finishes. The reports include metrics such as Phish-prone Percentage, number of attachments opened, and more.
  17. Hide from Reports: Select this check box to hide the phishing campaign from user profiles and phishing reports. Hidden campaigns will not impact Risk Scores or Phish-prone Percentages. We recommend using this option when running a test campaign for whitelisting or other phishing functionality tests.

    Once you’ve finished customizing your phishing campaign, click Create Campaign to save all changes.

    You can test your users with different types of phishing tests. For more information about different types of phishing tests, see our What Types of Simulated Phishing Tests Can I Send to My Users? article.

Managing Phishing Campaigns

To manage your phishing campaigns, go to your KMAST console and navigate to Phishing > Campaigns.

  1. You can filter campaigns by clicking Active, Inactive, Hidden, or All.
  2. Here you can find a list of phishing campaigns sorted by their name in alphabetical order. You can see each campaign’s groups, amount of tests, Phish-prone Percentage, the date and time of the last test, the campaign status, and the duration of the campaign.
  3. Click the campaign name to view details about that campaign. For more information, see our How to Monitor and Review Phishing Campaigns article.
  4. The status of the phishing campaign will be listed here. The status can be Pending, Scheduling, Created, Active, Closed, and Error:
    • Pending: The campaign is being created.
    • Scheduling: The campaign’s PSTs are being scheduled to send.
    • Created: The campaign is created but is not currently active. For one-time phishing campaigns, Created indicates the campaign is scheduled to start.
    • Active: The phishing campaign is ongoing.
    • Closed: The campaign is inactive. If the campaign is in the Active subtab and has the Closed status, the campaign is temporarily inactive until the next PST begins. If the campaign is in the Inactive subtab and has a Closed status, either the campaign had a one-time frequency and ended, or the campaign was manually deactivated by an admin. 
    • Error: The campaign has an issue that may prevent it from operating as expected. For more information on what is causing the error, you can hover over the error icon.
  5. View the duration of your campaign. The duration will either be Sending or Tracking:
    • Sending: Your campaign is sending out phishing emails.
    • Tracking: Your campaign is tracking user information.
  6. Click the drop-down arrow in the Actions column to Edit, Clone, Deactivate, Hide from Reports, or Delete a campaign:
    • Edit: Opens the Edit Phishing Campaign page. You can adjust your phishing campaign as needed and click Update Campaign to save your changes. Options that are grayed out cannot be changed.
    Note:If you want to change the frequency of your campaign to One-time, we recommend deactivating the campaign and creating a new one.
    • Clone: Create a copy of an existing campaign. Your cloned campaign will have the same settings aside from a new start time and the word "Clone" in the campaign name. You can remove “Clone” from the title by editing the campaign.
    • Deactivate: Stop your campaign from running or recurring.
      • Once a campaign is deactivated, you will see Activate as an option in the Actions drop-down menu. If you'd like to run the campaign again, we recommend creating a new campaign instead of reactivating the existing campaign. Creating a new campaign will help prevent discrepancies and gaps in your reporting that could be caused by a campaign being inactive.
      Note:One-time phishing campaigns can’t be reactivated.
    • Hide From Reports: Remove this phishing campaign from all reports, Phish-prone Percentages, and user timelines.
      • Once a campaign is hidden, you will see Show in Reports as an option in the Actions drop-down menu. This will include the phishing campaign data in your reports, Phish-prone Percentages, and user timelines.
    • Delete: Permanently delete a phishing campaign and all data, including recipients, failures, reports, and more. This action can’t be undone.

Can't find what you're looking for?

Contact Support