Skip to content

Create a campaign series

Start a new campaign series to test your users with attack simulations or enroll them in mandatory training.

You can choose the type of campaign series you want to use. Sophos Phish Threat includes templates for common attack types.

To create a series, do as follows:

  1. Go to My Products > Phish Threat > Campaigns. See Campaign overview.
  2. Click New Series and give the campaign a name.
  3. Choose what type of campaign series you want to set up.

    • Simulated attack series: This allows you to test targeted users with phishing, attachment, and credential harvesting campaigns.
    • Security training series: This allows you to enroll your users in a security training series.
  4. Choose the frequency of your campaign.

  5. Choose the language of your email and training materials. Click Next.
  6. Depending on the type of series that you chose, do one of the following:

    Set up an attack series:

    1. Choose the type of attacks to send to your users. You can select a combination of the attack types.
    2. Choose the difficulty level of the simulation.
    3. Choose whether your users are enrolled in training after the simulation.

      By default users are enrolled in training that matches the selected attacks. Click Next.

    Set up a training series:

    1. Click a training course to review a synopsis.
    2. Click Choose this training to select a training course.

      You can select multiple training courses. Click Next.

  7. Choose which Users or user Groups to send the campaign series to.

    If some users' email addresses use unverified domains, you see a warning message. Click Verify domains to start verifying your domains. See Verify domains.

  8. Click Auto-enroll new users to this series if you want to enroll new Sophos Central users in the series automatically. See Auto-enrollment.

  9. Click Next.
  10. Review the series options and click Edit to make any changes.
  11. Schedule the series:

    • For a simulated attack series, set when the series ends.

      You can choose an end date or allow a series to continue until you cancel it. Any actions taken by users after the end date are not factored into the campaign results.

    • For a training series, set when the series starts.

  12. Click Done.

Verify domains

You can only send simulated phishing emails to email addresses at domains you own. You must verify your domains with us before using them in Phish Threat campaigns.

If email addresses in Enroll Users are at domains that aren't verified, you can't select them.

Click Verify domains in the warning message to start verifying your domains. After verifying your domains, click Phish Threat to continue creating your campaign.

If you have a mix of verified and unverified domains in your email addresses, you can select addresses with verified domains. You can't select the addresses with unverified domains.

If you select Groups, and a group has a mix of verified and unverified domains in the email addresses, only the addresses with verified domains are added to the campaign. You receive a warning message, and can verify the domains, or continue with just the addresses with verified domains.

For more information on verifying domains, see Verify domains.