search

How to launch a phishing campaign?

This article explains how to create and launch a phishing campaign using the Phishing module in Stoïk Protect.

hashtag
Before you start

Make sure the phishing module is set up and employees are synchronized. See Phishing module setup

hashtag
Step 1 — Access the phishing module

  1. Go to Phishing in Stoïk Protect > tab Campaigns

  2. Click Create a campaign

You will be guided through the campaign creation flow.

hashtag
Step 2 — Configure the campaign

hashtag
Name the campaign

Give your campaign a clear name to easily identify it later.

hashtag
Choose the campaign schedule

Start date

  • By default, the campaign starts tomorrow

  • You can edit the start date if needed

Email delivery distribution

Choose when phishing emails will be sent. Emails are distributed over time so employees don’t receive them all at once (except when selecting Immediately).

  • Immediately

  • Within 24 hours

  • Within 7 days

  • Within 15 days

  • Within 30 days

Each employee receives one email, sent at a different time within the selected period.

Recurrence

  • End the campaign → One-shot campaign

  • Repeat the campaign → Recurring campaign This option is available only when the frequency is not set to Immediately or Next 24 hours.

hashtag
Select the audience

Choose who will receive the phishing emails. You can:

  • Select all employees

  • Select employees from one or more tenants

  • Select employees from one or more groups

  • Manually select individual employees

You can use the search bar to quickly find employees.

hashtag
Select phishing content

Choose the phishing content to use in the campaign:

  • Select all templates

  • Select specific templates

  • Select specific scenarios within templates

  • Combine scenarios from different templates

You can use the search bar to quickly find templates or scenarios.

hashtag
Step 3 — Launch the campaign

  1. Review your campaign configuration

  2. Click Start campaign

The campaign is automatically saved as a DRAFT before being launched.

Your phishing campaign will start according to the configuration you selected.

circle-info

You can run multiple phishing campaigns at the same time. Each campaign is managed independently and can target different audiences or use different scenarios

hashtag
What happens after launch?

  • Phishing emails are sent through your email provider to ensure reliable delivery

  • Employee interactions are tracked automatically

  • Results are available in the Campaign dashboard

To learn how to analyze results, see: Understanding phishing results and performance

hashtag
Managing a campaign

You can pause a campaign at any time by going on the campaign > Settings > Pause.

Once paused, you can archive a campaign by going on the campaign > Settings > Archive.

PreviousCommon errors during Phishing module setupNextManaging employees and groups

Last updated

Was this helpful?