Inspired eLearning's PhishProof campaigns are a powerful tool designed to enhance your organization's security by:
- Simulating realistic phishing attacks: These campaigns allow you to safely assess your employees' ability to identify and respond to phishing threats without exposing your organization to actual risk
- Providing valuable insights into employee behavior: By tracking how employees interact with the simulated phishing emails, you can gain a clear understanding of your organization's vulnerabilities
- Delivering targeted training opportunities: The results of these campaigns can inform your security awareness training efforts, allowing you to focus on areas where employees need the most support
- Measuring the effectiveness of your security awareness program: By running campaigns regularly, you can track progress and demonstrate the impact of your training initiatives
- Helping to build a more security-conscious culture: Consistent exposure to simulated phishing scenarios can raise employee awareness and encourage safer online behavior
Campaign Types
Email Campaign | This tool allows you to send one or multiple emails to selected users. You can choose email templates from our library of system templates, your organization's custom templates, or a combination of both. These emails can be sent to users randomly during a specified time span or all at once. |
USB Drop Campaign |
This tool allows you to place a special file provided by PhishProof onto your own USB drive. The drive can then be placed in a common space in your organization. This allows your organization to assess whether employees are at risk of opening files or enabling macros on documents from found USB devices.
Examples: Parking lot, Breakroom, or another high-traffic location. |
Template Types
There are two types of Templates you can choose from here: Email and Education. First, let's get into email templates.
Email Templates
-
Link Click
- This campaign type will send an email that prompts the recipient to click a link.
The user's action will be recorded upon clicking the link or previewing the link long enough for the tracking script to run. Upon performing one of these actions, the user will see an education landing page.
- This campaign type will send an email that prompts the recipient to click a link.
-
Form Submit
- Campaigns of this type will ask the recipient to fill out a form with their information (we do not retain this data). If they submit the form, the user's action will be recorded, and the Education Landing Page will open in a separate browser tab.
-
Attachment
- This type of campaign sends an email asking the recipient to open an attachment. When opened, instead of being directed to the Education Landing page as with other campaigns, the file's contents inform the user about the risk of their action and provide instructions on what measures to take going forward to prevent similar scenarios. The opening of the attachment will be recorded for the Learner.
Features
Risk Indicator
Risk Indicators provide immediate post-failure feedback by displaying the simulated phishing email immediately after user interaction. An education landing page has contextual annotations that highlight key phishing indicators. It highlights specific suspicious elements, including suspicious content, embedded URLs or QR codes, grammatical or tone inconsistencies, urgency tactics, and unexpected attachments or requests for sensitive information.
QR Code
Instead of a direct link, the email contains a QR code, often with instructions to scan it with your phone to "verify your account," "view an important document," "claim a reward," or something similar that creates a sense of urgency. In a real Phishing scenario, when the QR code is scanned, it can take the user to a phishing website designed to steal your sensitive information, such as login credentials, financial details, personal information, or even automatically download a malicious attachment.
Previewing System Email Templates
Follow the instructions below to preview pre-configured system email templates that are available for use in your campaign.
- Log into iLMS and click PhishProof
- On the left menu, select Templates, then Email Templates
- At the top, click System Templates
- Under Type, select Link Click, Form Submit, or Attachment
- Under Difficulty, select Easy, Medium, and/or Hard - this step is optional
- Under Features, select Risk Indicator and/or QR Code - this step is optional
- Select your desired template
.png)
Education Templates
The Education Landing Page is the webpage a user is directed to after interacting within a simulated phishing email. Instead of leading to a harmful website, this page serves as an immediate learning opportunity. The primary goal of the Education Landing Page is to reinforce security awareness by identifying the simulated threat, highlighting red flags (like risk indicators, for example), explaining the risks, etc.
When using Preview, if using a Risk Indicator Email Template and a Risk Indicator Education Landing Page you can preview how they will look together.
Email and Education Landing Page Customization
PhishProof allows users to clone System Templates and Education landing pages, customize them, and save them as “My Templates.”
Customize Email Templates

- Within iLMS, select PhishProof
- Navigate to the (1) Templates main tab and select (2) Email Templates
- Once you have saved customized templates, they will be displayed in the My Templates sub-tab
- Select Create New Template
- Name your template
- Describe your template
- Determine how you want education to be provided; Options include:
- Educate on link click
- Educate on form submission
- Education on Email Malware Attachment run
- Write the body of your template as desired
- Add Phishing Links, User Properties, and/or QR codes as desired
- If using Risk Indicators, highlight the portions you want to flag as a risk indicator, then next to User Properties, select the flag for Risk Indicators; It will present you with the ability to write a tooltip
- When you've finished editing your email template, you can select Preview or Save
Watch the video below to see an example of how to create a customized email template using Risk Indicators.
Customize Education Templates
- Within iLMS, select PhishProof
- Navigate to Templates, then select Education Templates
- System Education Page are pre-made templates; you can identify education templates with the risk indicator variables by looking for the flag icon
- To create a custom education page template, click New Education Page
- Type in the name of your landing page template
- Add a description as desired
- You can then remove the placeholder text and create your customized landing page as needed, inserting things like videos or even the risk indicator email template
- If inserting a Risk Indicator template, it will add “@emailtemplatewithriskindicator” text as a variable; you can then click Preview at the bottom to choose a template to show within the education landing page
- When done, click Save Template
User Properties Variables in Org Admin Templates
The Org Admin email template editors have user properties variables available, including:
- 27 user profile variables
- iLMS console user variables (e.g., organization name, first name, email address, hire date, etc.) with the ability to include custom fields
Please note that the Org Admin console only shows variables added in iLMS.

Clone a System Email
- Once you've identified a template you'd like to use as a starting point for your custom template, hover over it, and the clone icon will appear.
- When you click the clone icon, the “Clone Template” dialogue will pop up
- Here you can change the name of your custom template before clicking the Clone Template button.

Once you have cloned a system template, it will appear under the "My Templates" sub-tab. You can navigate to the template type by choosing one from the “Show All Templates” dropdown list.
Edit the Cloned Template
- Find the template that you have cloned under the My Templates sub-tab.
- Hover over the template name to reveal the edit icon. Click on the Edit icon to modify the template.
This will open the “Customize Email Template page” where you can edit the header and email content for each available language option.


NOTE: Custom templates must be enabled after creation in order to appear in the campaign builder for selection. Once your custom template is finalized hover over the template in the My Templates list and click the power button to enable it for use in campaigns.
Edit the Email Template Header and Contents
The PhishProof Editor offers the option to manipulate pre-designed content blocks or upload images through its embedded drag-and-drop function. The header information and sections of email content can be edited by hovering over them and clicking the pencil icon that appears.
Additional content sections can be added to your email template by dragging items from the "Blocks" column shown on the left into the body of your email template.
Note: Misspellings and grammatical errors found in the email content are intentional and reflective of true phishing attack characteristics.
Templates containing unsupported content may fail to send.

Tip: If your template has an image, double-click the image to modify or replace the image.
Edit the Translated Versions
Most system templates have been translated into the languages listed under the Template Language dropdown. Select the language in which your users will receive phishing emails to edit the template in that language. You will have to do this for each language that your users use.
Note: Edits to the English system template will NOT carry over to other language templates.
Once desired changes have been made to each email template, click Save Template to save changes.
To make your template available for use, return to the main My Templates page and click the toggle under the Active column to turn the template on.
Customize Education Landing Pages
Templates -> Education Templates -> System Education Page
Education Landing Pages are teaching components that will be displayed in correspondence to the type of phishing email selected. When a target user clicks on a “target link or attachment,” this educational page will open with a video that identifies the common notable phishing attack characteristics.
Navigate to the (1) Templates main tab and select (2) Education Templates. Once you have saved customized templates, they will be displayed in the My Education Page sub-tab.
To start, click on the (3) System Education Page sub-tab, choose a template, and click on the corresponding Clone icon under the Actions list. You can preview any template by clicking on the Preview icon under the Actions list.

Clone a System Education Landing Page Template
When you click the Clone icon, the “Clone Template” dialogue will pop-up. Don’t forget to change the template name before you click the Clone Template button.
Once you have cloned a system template, it will automatically show up under your My Templates subtab.
Edit the Cloned Template
- Under the My Education Page sub-tab, you will find the template that you have cloned.
For this example, we cloned the “Custom Blue Landing Page” template. - Click on the corresponding (4) Edit icon under the “Actions” list. This will open the “Customize Education Template page”.
Note: We recommend turning on the template under the “Active” column AFTER all edits are finalized and have been saved. Just return to this screen and click the toggle to the “ON” position.
Edit the Contents
The Editor offers the option to manipulate pre-designed content blocks or upload images through its embedded drag-and-drop function. Content can be edited where a pencil icon is displayed.
Your logo and contact information should already appear in the education template. If you need to edit either of these for all templates going forward, please use the main Settings tab in PhishProof.
You can also upload your own PDF version by clicking on the Replace with a PDF File button and following the prompt's instructions.
Once desired changes have been made to the phishing email, click Save Template to save changes.
Edit the Translated Versions
Each template has been translated into the languages listed under the Template Language dropdown. Select the language in which your users will receive phishing emails to edit the template in that language. You will have to do this for each language that your users use.
You can also upload pdf versions in any language. Be sure the correct corresponding language is selected from the Template Language dropdown list before uploading a pdf.
Note: Edits to the English system template will NOT carry over to other language templates.
Once desired changes have been made to each landing page template, click Save Template to save changes.
To make your template available for use, return to the main My Templates page and click the toggle under the Active column to turn the template on.
Email Campaign
Email Campaigns are what bring everything you did above together. This section outlines how to create and schedule email campaigns. Email Campaigns allow you to send out one or multiple emails to selected users. Choose email templates from our library of system templates, your organization's custom templates, or a bit of both. These emails can be sent to users at randomized times during a specified time span or all at once.
Campaigns -> Start a New Campaign -> Email Campaign
Campaign Options
This tool offers various options for sending your campaign. Below the image, see descriptions for each numbered item.

(click to view enlarged image)
1) Campaign Name
This is a title for your campaign. This title will appear on the main Campaign page in the list of draft, scheduled, or completed campaigns.
2) Campaign Description
The Campaign description will allow you to add additional detail in regards to what your campaign is about.
3) Email Templates
- Click the "choose template" button to bring up the template selector.
(click to view enlarged image)
- Use the tabs in the upper-left to switch between viewing a list of system templates or your custom templates.
- Search and filter options are available in the pane on the left to help you narrow down results to only templates that fit the desired criteria based on the features described elsewhere in this article (Type, Difficulty, and Features, including QR Code and Risk Indicators.
- Clicking templates will allow you to preview the email that will be sent in the pane on the right.
The language dropdown (upper-right) allows you to view how the template will look in other languages. - To select templates to use in your campaign, place a check in the box next to the template's name.
- Click "Selected Templates" to view only templates you currently have selected for use in the campaign. These are the templates that will be sent to targeted users. Each user will get a random template from this selection.
Note:
- All templates used in a campaign must be the same type. Link click, Form submit, or Attachment.
- Custom email templates must be created prior to creating the email campaign. To create a customized email template, go to the main Templates tab and click on Email Templates.
4) Education Landing Page
Select an Education Landing Page from the dropdown list. Your users will see this whenever they are “phished,” or fall victim to a phishing simulation.
The Education Landing Page is an on-the-spot educational tool that warns users to be wary of such emails in the future. With this immediate reinforcement, users will be able to recognize the telltale signs of real phishing attempts.
Note: Custom education landing pages must be created prior to creating the campaign. To create a custom Education Landing Page, go to the main Templates tab and click on Education Templates. When selecting the Education Landing Page you can choose between standard Education Landing Pages or Risk Indicator enabled Education Landing Pages. Risk Indicator enabled Education Landing Pages include the text [Risk Indicator] in square brackets after the template name.
- When using Preview, if using a Risk Indicator Email Template and a Risk Indicator Education Landing Page you can preview how they will look together.
- If you choose a combination of a Risk Indicator Email Template and a NON-Risk Indicator Education Landing Page, you will see a warning next to the preview button advising you of this.
5) Select Targets
This section allows you to select the Targets or recipients of your randomized campaign. Targets can be selected by Hierarchy (region, division, dept), Groups, or Individual User. They can also be selected from a previous Campaigns target list or the Susceptible Users list which includes individuals who have been phished in previous campaigns.
6) Start Date and Time
Here you can schedule the date and time at which your campaign will start sending the randomized emails to the specified targets.
7) Send Duration
The duration is the number of days over which the campaign will take place. The optimal span is 7 days for more authentic results and ease of delivery to inbound mail servers by reducing the bulk of the send.
8) Business Days
In this section, you can specify the hours and days of the week which make up your organizations Business Hours. This will ensure that campaign emails are not sent outside of regular business hours to increase the probability of the recipient seeing the email.
Note: Scheduled Campaigns cannot Start and End the same day.
For this reason, we recommend having at least 2 business days selected for a campaign with a 1 business hours/day duration, or ensuring your Start date/time is at least 24 hours apart from your intended end date/time.
For example:
- If today is Friday, October2nd.
- I select today's date as my campaign start date.
- My send duration is "1 business hours/days"
- I then check the box for only Friday as my business days.
- The campaign will start today and conclude the next applicable day, which is Friday a week from today.
9) Stop Tracking
This option will specify how long user actions in the Phishing simulation will be recorded for reporting after the campaign emails have been sent.
10 )Display Domain
When a learner hovers over a targeted link in the phishing email, the selected display domain will be shown instead of the actual destination.
11) Hide from Global Reports
This option should only be used in the event an administrator is running a test campaign. When enabled, this option will ensure that results from tests campaigns are not included in reporting, nor will the recipients be assigned any training upon failing the simulation.
12) Save Buttons
- Save & Exit – This action will save your input so that you can return to make any adjustments and launch the campaign at a later date. You will see the saved campaign in the Draft section of the Campaigns Home tab. It will be labeled as incomplete.
- Save & Schedule – This action will launch the campaign as you have designated. You will see the saved campaign in the Scheduled section of the Campaigns Home tab. Once the messages have all been sent, the campaign will move to the Completed section.
Note: Campaign Details will not appear until all emails for the campaign have been sent. After emails finish sending you will be able to see details for all users that received an email and whether as well as click/form/attachment data.
USB Baiting Campaign
USB Baiting Campaign
This tool allows you to place a special file provided by PhishProof onto your own USB drive. The USB drive can then be placed in a common space in your organization.
Examples: Parking lot, Breakroom, or another high-traffic location.
This allows your organization to assess whether employees are at risk of opening files or enabling macros on documents from found USB devices
To get started, select "USB Templates" from the "Start a New Campaign" drop-down list.

The first page encountered when creating a USB Baiting Campaign will allow you to title your campaign, add a description for your reference, specify the location in which the USB drive was placed, and select a landing page for use in Macro-Enabled Campaigns.

Once the Campaign Details have been populated, click Save Start.
This will take you to the Overview page for the USB Campaign.

Download File
This lists the documents that can be downloaded and placed on USB drives for your campaign. The files can be renamed after download. Note: If the Campaign-creator opens the doc, it will be recorded just as if it were opened by a user.
Opens
This column displays the number of times users have opened this document type for this campaign.
Macro Enabled
This column specifies whether the document listed contains Macros.Files do not contain Macros
Files DO contain Macros
Files that contain macros are able to capture more data about the user who opens the doc and enables the macro than documents that do not contain macros.If the macro in a document is enabled, the user will be taken to the education landing page in a web browser.
Note: Documents that DO NOT contain Macros will not take users to the landing page.
Result of Macro-Enabled Doc Shown Here
4) End Campaign (Overview Tab)
After enough reporting data (Shown on the Details Tab) has been gathered from the Campaign, you can end the campaign by clicking this button. No further data from the docs downloaded from the campaign will be recorded.
Campaign Details
While the campaign is active and after the USB drive(s) containing the docs downloaded from the tool have been planted, any record of users opening the doc or enabling the macros, if applicable, will be displayed on the Details Tab. Differences between the data captured by Documents with and without Macros are shown below.

The data displayed on the details tab can be exported using the Export Results to Excel button provided in the upper-left.
On the main PhishProof Campaigns Page, a summary of all USB Campaigns will be listed in their own section at the bottom of the page.
