Creating a phishing simulation using the uPhish template library
Creating and sending your phishing simulation is quick and simple. Here's how to launch a uPhish campaign in six simple steps:
Important note:
Please set up Message Injection in Microsoft 365 or Google Workspace to ensure your simulated phishing email will reach your end users.
Getting started
To get started, find the Create simulation page through the top menu in the usecure app.
uPhish -> Create simulation
Step One - Select your attack type
Before creating your simulation, you will need to select an attack type.
There are three attack type options to choose from for a phishing simulation:
Landing Page
Attachment Open
Attachment Open + Landing Page
Landing Page attack type is an email with a link to a landing page. This attack type lures users into clicking a link within the email text.
Users become compromised when they interact with the landing page - which usually involves the user inputting details and then clicking a button which activates the compromise.
Attachment Open attack type allows you to create a phishing email with an attachment.
With the Attachment Open attack type, users become compromised when opening the attachment in the email.
Attachment Open + Landing Page attack type allows you to create a phishing email with an attachment containing a link to a landing page.
With the Attachment Open + Landing Page attack type users will be compromised when inserting their credentials after following a link found in an attachment.
Step Two - Choosing your landing page
For attack types Landing Page and Attachment Open + Landing Page, you will need to choose a landing page for your simulated phishing campaign. You will see pre-built uPhish templates on this page, but if you have created custom landing pages you can see them by scrolling down to the Your Saved Templates section.
You can filter landing pages by language and region to easily find the ones most suitable for your needs.
If you create a custom landing page for your simulation, please do not use real logos or mention the names of a real company in your template.
Step Three - Choosing your email
If you chose one of the uPhish landing page templates, you will see appropriate email templates to fit the landing page's theme. You will also be able to select from all your custom templates by scrolling down to the Your Saved Templates section.
Step Four - Configuring your simulation
Now you're able to configure your simulation by editing the following:
Simulation name
Subject line
Sender name and email address
Landing page domain
You can use the "Use a custom sender email address" toggle to use any email address you wish. However, using an unverified email address may reduce deliverability. Send a test email from the bottom of the page to check deliverability on your system.
Landing domain
The domain health check will let you know about any known issues associated with a domain. However, as domain accessibility may depend based on the browsers and network used, it's a good idea to test a domain on your own system first before launching a simulation. You can do this by launching a test simulation using the button at the bottom of the page.
Preferred delivery method
The Preferred delivery method option is available if you have configured Message Injection - please note if Message Injection fails, emails will fall back to regular mail via SMTP).
You'll also be able to quality check your campaign with the 'Send test email' option at the bottom of the page. You will be able to choose which delivery method you choose to test the email with (you'll most likely want to select the same one as what the email is planned to be sent out with).
Step Five - Selecting recipients & scheduling your simulation
You can now select your recipients and choose the send date and time of your simulation.
Send to All Users - this option will send the email to all active users on your account who have an associated email address
Select Recipients - you may choose individual recipients or groups
Choose a date and time to start sending out the emails - this option sets when the emails will start being sent out
How many hours should the emails be distributed over? - use this option to stagger the emails and ensure all users won't receive them simultaneously.
Only send between working hours? - you can use this option to ensure emails are only sent out during the working hours you have configured in your uPhish settings.
Step Six - Setting up inline training for compromised users
You can optionally choose to automatically send additional training modules to users who become compromised in the simulation. You can do this by selecting an Inline Training module in this step.
We recommend you use the Phishing Micro Training module which is specifically built for this purpose. It explains to users why they are receiving the additional training, why it's important to look out for phishing, and what signs they should look out for. You can, however, choose any uLearn module you wish - including custom ones you've created yourself.
Finally, click Create Simulation to deploy your campaign.
Next steps
Ensure your phishing simulations get delivered by configuring Message Injection
Learn more about uPhish Inline Training
Find out how to customise your uPhish settings