Hook SecurityHook Docs
Org Admin

Run a phishing campaign

Walk through the four-step wizard to launch a phishing simulation against your users and monitor results in real time.

A phishing campaign in Hook is a simulated phishing email sent to a defined set of your users. Hook tracks who opens it, who clicks the link, who submits credentials on the landing page, and who reports it. You run a campaign whenever you want a fresh, measurable read on how your team handles a realistic attack — typically once a quarter for the whole organization, or more often against a smaller pilot group while you tune the program.

Before you start

Prerequisites

  • You're signed in to Hook as an org admin and have an active organization selected in the org switcher.
  • You've imported the users you want to test (CSV, IdP sync, or manual). See Sync users from Microsoft Entra if you haven't yet.
  • Optional but recommended: a small pilot group (say, acme-test-pilot with 5–10 people) so your first campaign goes to a friendly audience before you target everyone.

Open the campaign wizard

From the left nav, go to Phishing. The Phishing Campaigns page lists every campaign you've created, with status, template, recipient count, and start date. Click Create Campaign in the top right to open the four-step wizard.

Phishing Campaigns list with the Create Campaign button and status filters

Walk through the wizard

The wizard has four steps. A summary cart on the right of every step shows your selections so far — you can click any section in the cart to jump back and edit it.

Campaign Details

Give the campaign an internal name, e.g. Q2 2026 Security Assessment. The name is for your team only — it never appears in the phishing email your users receive. Names must be at least 2 characters; the field caps at 255.

Optionally add a Description (up to 1000 characters) for context like scope, who requested the test, or follow-up training plans.

Under When should this campaign launch?, keep Launch now selected. Hook also shows a Schedule for later option marked Coming Soon — it's disabled today, so every campaign launches when you click Launch Campaign on step 4. Under Delivery timing, choose whether emails send at campaign start or spread over the configured delivery window.

Wizard step 1 with campaign name, launch timing, delivery timing, and summary cart

Targeting

Choose who receives the simulation. Hook offers three recipient modes:

  • All users — every active user in your organization.
  • Include specific groups — only users in the groups you select.
  • Exclude specific groups — everyone except users in the groups you select (useful for excluding execs or your IT team).

If you pick a group-based mode, Hook shows the list of groups in your org with a member count badge on each. Tick the boxes for the groups you want. The Estimated recipients card at the bottom updates live as you change your selection.

The estimate is an estimate

The user count shown is resolved at send time — if a user is added or deactivated between now and launch, the final count will differ. Hook warns you about this directly under the count.

Wizard step 2 with Include specific groups selected and two groups checked

Template

Pick the phishing email your users will receive. The template list reads like an inbox: each card shows the template name, subject line, a short description, and category and difficulty badges when that metadata is available.

Use the search bar to find a template by name, subject, or description. Filter by category, difficulty, or sort (Most Popular, Alphabetical, Newest). Hover any row and click Preview to open a side sheet that renders the full email body and landing page exactly as the recipient sees them.

Click a row to select it. A green check appears in the top right of the selected card.

If you want to tweak this template just for this campaign — for example, swap the sender domain so it lines up with a real-world attack pattern you've seen — click Edit for this campaign next to the selected template label. You can override the Subject, From name, From domain, Reply-to, and Body. These edits apply only to this campaign; the original template in your library is untouched. If you also want to keep the edited version, check Also save this as a custom template after launch on the review step.

Custom templates aren't editable from the wizard

If you select a template that you previously saved as a custom template, the Edit for this campaign button is disabled. To change a custom template, edit it from Manage phishing templates before you start the wizard.

Wizard step 3 with a selected template and preview sheet open

Review & Launch

The final step summarizes everything: campaign name and description, Timing (Immediate), recipient mode and estimated user count, the selected template with its category and difficulty, and any one-off edits you made. The green Ready to launch banner restates the template name and approximate audience.

When you're satisfied, click Launch Campaign. Hook creates the campaign, syncs it to the underlying delivery provider, and redirects you to the live monitoring page. A toast confirms how many users were enrolled.

Wizard step 4 with the campaign summary, safelist panel, and Ready to launch banner

Monitor a live campaign

After launch, Hook drops you on the campaign detail page at /org/phishing/<campaign-id>. You can also reach it from the Phishing Campaigns list by clicking any row.

The detail page shows:

  • A status badge (Pending, Active, Completed, Failed) and a Refresh button.
  • A stats strip with five tiles: Enrolled, Sent, Opened, Clicked, and Reported. The Enrolled count is live; the others populate as recipients interact with the email.
  • A Campaign Info card with type, template, start date, created timestamp, and the upstream campaign ID.
  • An Enrolled Users table with name, email, and per-user status.

Click Refresh to pull the latest counts. If the campaign status is Failed, you'll see a red alert telling you to create a new campaign to retry — the underlying sync didn't complete.

Campaign detail page with engagement funnel and recipient activity table

What to expect after launch

Timeline

Phishing emails go out within a few minutes of launch. Open and click events start populating the stats strip almost immediately. Reporter submissions show up as users click the report-phish button in their mail client. The full picture — including who clicked but didn't submit credentials versus who submitted them — is usually clear within 24 hours.

After the campaign closes, Hook generates an executive summary and rolls recipients into your security watchlist. Both feed your reporting and remediation workflow — see Related below.

Common pitfalls

  • You can't schedule for later yet. The "Schedule for later" tile on step 1 is visibly disabled with a Coming Soon badge. Every campaign sends immediately on launch — don't click Launch Campaign until you actually want emails to go out.
  • One-off template edits don't update your library by default. If you tweak a template's subject or body in step 3 and want to reuse those changes next quarter, remember to tick Also save this as a custom template after launch on the review step. Without it, your edits ship to recipients but vanish from your library afterward.

On this page