Phishing Settings
Set up phishing campaigns to go out to specific people, at times of your choosing, with the emails you want
Ben Robinson avatar
Written by Ben Robinson
Updated over a week ago

CybSafe gives you the ability to create phishing campaigns that target specific groups of people.

Create Campaign

To edit campaign settings, navigate to the "Improve behaviours" tab on the left hand menu.

You will then see an overview page of all Phishing Campaigns that are active, disabled and archived. You can also un-archive a campaign that has been archived.
From here you can edit an existing campaign or create a new one.

If you wish to create a new campaign, click “Create Phishing Campaign”
You can only archive a Campaign if it is disabled. Archiving a campaign will exclude the data from the Phishing Reports.

You will arrive on the “Create Campaign” page as seen below:

Here you can select whether a campaign is active or not (campaigns not set to active will not send out any emails), as well as the name of the campaign.

Also customisable is the rate that emails are sent. You can set how many emails go out and the period of time they go out for.

For example you can configure CybSafe to send out 7 emails every 2 weeks or 3 emails every 4 weeks.

Please note that a "week" is calculated as Mon-Friday, not 7 days from when the campaign was created. For example if a campaign starts on a Wednesday and was scheduled for 1 week, some emails may be scheduled to go on the already passed Monday and Tuesday. To ensure all emails are received by your people, we recommend you start campaigns on a Monday and have the campaign period be at least one week.

Once you have chosen your settings you can choose to save the campaign there and then. This will mean that everyone that is active on CybSafe (anyone who has been uploaded and not deactivated) will begin to receive phishing emails, regardless if they have logged in or been invited to CybSafe.

It will also mean that the campaign runs continuously, with it ending only when you toggle the “Active” button.

Advanced Phishing Settings

By selecting “Advanced” you have the option of customising your campaign further still:

Here you can set the Campaign period, a start and end date for when you want your campaign to run. You can also set the hours in which you want the phishing emails to go out.

Please note that currently these times are for GMT only, so adjust accordingly for your time zone.

Specific groups can also be chosen to be enrolled in a campaign. If selected then only the chosen groups will receive phishing emails.

For more information on how to set up groups check out our article on Group Management.

Finally, you have the option to turn on custom email selection. If this is turned on then you will be able to select which phishing emails you want to include in a specific campaign.

Simply select which emails to include with the checkbox and select “add to campaign”. The chosen emails will then appear on the right hand menu under “Campaign templates”.

To assist you in selecting, you are able to preview both the email itself and the simulated attack website.

Create Test Phishing Campaign

CybSafe also allows you to test phishing emails deliverability and behaviour by creating a test campaign.

These campaigns will send out a defined number of emails (up to 8) all at once to the administrator that creates the campaign. These phishing emails will have the same behaviour as emails in regular campaigns, and are useful to check allowlisting.

To create a test campaign select "Create test campaign" in the Campaigns page.

Then you can name the campaign, alter the amount of emails to be sent, and select any emails to be sent (including custom created ones). If this is left blank it will send a random selection of simulated phishing emails emails

After the emails have been sent out you can interact with them and observe their results as you would any other phishing email.

When you have completed interacting with your test phishing campaign remember to archive the campaign in the campaign page. Test phishing campaigns will be included in reports if not archived.

Precise control over simulation send rate

For granular control over how many phishing emails are sent, we recommend the following:

  1. Set the “period of time” setting to one week. This will ensure that when you alter the “number of emails”, they will all be sent within a seven day period.

  2. Keep “period of time” to one week, unless the required frequency of your campaign is lower than one email per week.

Please note: Emails are sent out at random intervals, and not evenly spaced apart. For example if you set a campaign to have seven emails every week, this will not mean that a user is sent one email per day. It is rare, but not impossible, to receive more than one phishing email per day, or to receive none.

Emails library and create custom phishing emails

You can also create custom email templates to simulate phishing attacks that are specific to your organisation.

This feature can be found on the new 'Phishing emails library' page. Here you can see the entire list of both CybSafe default and your custom-made email templates.

Here is a sample of the editing page (WYSIWYG) where you can create and design your own custom phishing emails:

Have you used our 'fire & forget' feature? It's a continuous, automated campaign that includes the entire library of default CybSafe phishing emails, as well as any custom emails you choose to add.

Please note that CybSafe schedules when phishing emails are to be sent, which is every Monday. If a new person is added to a group that is included in a phishing campaign, they will start receiving emails the following Monday.

Still have any questions?

If you still have any questions, you can contact the team at and we will be happy to answer any further concerns.

Did this answer your question?