BrainStorm Threat Defense phishing templates will be sent as part of a Campaign. 


Campaigns consist of:

  • Email to be sent as part of the campaign
  • Landing Page user is directed to in the email
  • Feedback Page user is directed to if “phished”
  • Sending Profile
  • Domain used for the Landing Page and Feedback Page (generated by BrainStorm)
  • Target Audience for the respective campaign (Group)
  • Date to Start the campaign
  • Date to Complete the campaign
  • Type of automatic Trigger
  • Add to Group action of automatic Trigger

While this document will outline how to create a new campaign, please note that BrainStorm provides preconfigured Campaigns that can be duplicated and modified prior to use. To learn how to modify a campaign, see Modify a Threat Defense Campaign.


Prior to creating a campaign, you will need to create a corresponding Sending Profile and Group, and BrainStorm will need to generate a corresponding domain. If you are not using a BrainStorm-generated Email Template, Landing Page, and/or Feedback Page, you will also need to create them prior to creating your campaign.


  1. Click New > Campaign > Simulated Phishing > Campaign from the Action Bar.
  2. Enter a Campaign Name.
  3. Select a Campaign Type from the Type pulldown menu.
    Campaign Type doesn’t impact how the Campaign itself behaves, but can be a visual indicator defining the campaign, and may be used for reporting as it becomes available.
  4. Select an Email Template from the Email Template pulldown menu.
  5. Select a Landing Page from the Landing Page pulldown menu.
  6. Select a Feedback Page from the Feedback Page pulldown menu.
  7. Select a Sending Profile from the Sending Profile pulldown menu.
  8. Select a Domain from the Domain pulldown menu.
    NOTE: These Domains are generated by BrainStorm and will be used for the Landing and Feedback pages.
  9. Select either Direct Send (Recommended) or SMTP Account from the Sending Method pulldown menu
    If you change the Send Method to SMTP Account, you will be required to select a corresponding Sending Profile. Steps 11-14 only apply when using the Direct Send method.
  10. Click the Next arrow.
  11. Enter a Sender Name in the Sender Name field to match the campaign.
  12. Enter a Sender Email in the Sender Email field to match the campaign.
  13. Enter a Reply To Email (optional).
    NOTE: Allows you to route replies to an internal email rather than escalating emails to the sender. This email will only be visible to the end-users if they reply.
  14. Enter a Reply To Name (optional).
  15. Check the Send Compliance Email box to send out an email to all users seven days from the start of your Campaign or once the Campaign is marked as Completed informing users of the phishing campaign emailThis email is not configurable and cannot be withdrawn. If desired, uncheck this box to not send the email. An example of this email can be viewed at the bottom of this support article.  
  16. For the Target Audience, use Type Assist or click Browse.
    • Type Assist - enter a minimum of three (3) characters to be presented with options matching what you typed.
    • Browse - find and select the desired Group.
      NOTE: It is a BrainStorm best practice that you initially send each Campaign to a small test group to thoroughly validate all steps and that the domain hasn't been compromised. 
  17. Select the desired Time Zone for this campaign from the Time Zone pulldown menu
    You will not be able to change the Time Zone or set a Start or Send By Date until you have selected a Target Audience. The selected time zone will determine when the campaign actually starts.
  18. Choose a Date and Time to start sending Campaign emails in the Start Date field.
  19. Choose a Date and Time by which to have all Campaign emails sent in the Send By Date field.
    NOTE:  To avoid sending issues, emails will be distributed between the Start and Send By date. The Send By Date will pre-populate with the estimated time needed to safely send to all targeted, but you can extend as desired. You should not, however, change the date/time to anything earlier than the default.

  20. Click the Next arrow.
  21. Choose a Trigger from the Trigger pulldown menu (optional, unless a Group is selected in the Add To section).
    • Open
    • Click
    • Submitted
    • Reported Email
  22. Tip: It's recommended you select Submitted as the trigger type. It is the most accurate indicator that the user fell for the phishing scam and indicates that the user did submit information as requested in the phishing email. Clicks are only 75-80% accurate as sometimes clicks are from security bots. Opens are generally inaccurate as emails can register as "Opened" when scrolling on a mobile device. 

  23. Choose a Group from the Add to pulldown (optional, unless a Trigger is selected in the Trigger section)
    NOTE: The group will automatically be generated and named based on the trigger and campaign name. For example, if the trigger is Submitted and the campaign is Amazon - Password Phishing the group will be named "Submitted - Amazon Password Phishing" and will contain all users who submit information in the link in the campaign email.
  24. Click the ACTION plus (+) sign to add the group trigger.
  25. Optional: Check the box below the Trigger Type to set a due date on completing the assigned Skill Path or Asset.
  26. Click the ACTION plus(+) sign to add an additional Trigger Type.

    VERY IMPORTANT: If you do not click the ACTION plus (+) sign users will NOT be added to the Group when they select the trigger
  27. Click the Finish checkmark

The Campaign will move from Draft to In Progress on the Start Date.


IMPORTANT NOTE:  7 days from the start of your Campaign or once the Campaign is marked as Completed, an email will be sent to all users. This email is not configurable and is not able to be withdrawn. 

The email will contain various sections:

  • Introduction
  • Who the Phishing Email Came From
  • What the Phishing Email Looked like
  • What the Landing Page Looked like
  • Etc.

The email will look something like the following: