BrainStorm Threat Defense phishing templates will be sent as part of a Campaign. 


Campaigns consist of:

  • Email to be sent as part of the campaign
  • Landing Page user is directed to in the email
  • Feedback Page user is directed to if “phished”
  • Sending Profile
  • Domain used for the Landing Page and Feedback Page (generated by BrainStorm)
  • Target Audience for the respective campaign (Group)
  • Date to Start the campaign
  • Date to Complete the campaign
  • Type of automatic Trigger
  • Add to Group action of automatic Trigger

While this document will outline how to create a new campaign, please note that BrainStorm provides preconfigured Campaigns that can be duplicated and modified prior to use. To learn how to modify a campaign, see Modify a Threat Defense Campaign.


Prior to creating a campaign, you will need to create a corresponding Sending Profile and Group, and BrainStorm will need to generate a corresponding domain. If you are not using a BrainStorm-generated Email Template, Landing Page, and/or Feedback Page, you will also need to create them prior to creating your campaign.


  1. Click New > Campaign > Simulated Phishing > Campaign from the Action Bar
  2. Enter a Campaign Name
  3. Select a Campaign Type from the Type pulldown menu
    Campaign Type doesn’t impact how the Campaign itself behaves, but can be a visual indicator defining the campaign, and may be used for reporting as it becomes available.
  4. Select an Email Template from the Email Template pulldown menu
  5. Select a Landing Page from the Landing Page pulldown menu
  6. Select a Feedback Page from the Feedback Page pulldown menu
  7. Select a Sending Profile from the Sending Profile pulldown menu
  8. Select a Domain from the Domain pulldown menu
    NOTE: These Domains are generated by BrainStorm and will be used for the Landing and Feedback pages
  9. Select either Direct Send (Recommended) or SMTP Account from the Sending Method pulldown menu
    If you change the Send Method to SMTP Account, you will be required to select a corresponding Sending Profile. Steps 11-14 only apply when using the Direct Send method.
  10. Click the Next arrow
  11. Enter a Sender Name in the Sender Name field to match the campaign
  12. Enter a Sender Email in the Sender Email field to match the campaign
  13. Enter a Reply To Email (optional)
    NOTE: Allows you to route replies to an internal email rather than escalating emails to the sender. This email will only be visible to the end users if they reply.
  14. Enter a Reply To Name (optional)
  15. For the Target Audience, use Type Assist or click Browse
    • Type Assist - enter a minimum of three (3) characters to be presented with options matching what you typed
    • Browse - find and select the desired Group
      NOTE: It is BrainStorm’s best practice that you initially send each Campaign to a test Group to thoroughly validate all steps.
  16. Select the desired Time Zone for this campaign from the Time Zone pulldown menu
    You will not be able to change the Time Zone or set a Start or Send By Date until you have selected a Target Audience. The selected time zone will determine when the campaign actually starts.
  17. Choose a Date and Time to start sending Campaign emails in the Start Date field
  18. Choose a Date and Time by which to have all Campaign emails sent in the Send By Date field
    NOTE:  To avoid sending issues, emails will be distributed between the Start and Send By date. The Send By Date will pre-populate with the estimated time needed to safely send to all targeted, but you can extend as desired. You should not, however, change the date/time to anything earlier than the default.

  19. Click the Next arrow
  20. Choose a Trigger from the Trigger pulldown menu (optional, unless a Group is selected in the Add To section)
    • Open
    • Click
    • Submitted
    • Reported Email
  21. Choose a Group from the Add to pulldown (optional, unless a Trigger is selected in the Trigger section)
    NOTE: These settings will automatically add users to the designated Group which can be assigned additional security training. For example, you can add any user who submitted data during the Microsoft Password Reset Phishing Campaign to a Group that has the Recognizing Phishing – Expired Passwords Skill Path assigned. This Group is different that the Group used in the Target Audience.
  22. Check Notify users when added if you want your users to receive an email when automatically added to this group. Leave unchecked for no notification.
  23. Click the ACTION plus (+) sign to add the group
  24. Click the ACTION plus(+) sign to add an additional Trigger Type

    VERY IMPORTANT: If you do not click the ACTION plus (+) sign users will NOT be added to the Group when they select the trigger
  25. Click the Finish checkmark

The Campaign will move from Draft to In Progress on the Start Date.


IMPORTANT NOTE:  7 days from the start of your Campaign or once the Campaign is marked as Completed, an email will be sent to all users. This email is not configurable and is not able to be withdrawn. 

The email will contain various sections:

  • Introduction
  • Who the Phishing Email Came From
  • What the Phishing Email looked like
  • What the Landing Page Looked like
  • Etc.

The email will look something like the following: