Run a phishing campaign
Walk through the four-step wizard to launch a phishing simulation against your users and monitor results in real time.
A phishing campaign in Hook is a simulated phishing email sent to a defined set of your users. Hook tracks who opens it, who clicks the link, who submits credentials on the landing page, and who reports it. You run a campaign whenever you want a fresh, measurable read on how your team handles a realistic attack — typically once a quarter for the whole organization, or more often against a smaller pilot group while you tune the program.
Before you start
Prerequisites
- You're signed in to Hook as an org admin and have an active organization selected in the org switcher.
- You've imported the users you want to test (CSV, IdP sync, or manual). See Sync users from Microsoft Entra if you haven't yet.
- Optional but recommended: a small pilot group (say,
acme-test-pilotwith 5–10 people) so your first campaign goes to a friendly audience before you target everyone.
Open the campaign wizard
From the left nav, go to Phishing. The Phishing Campaigns page lists every campaign you've created, with status, template, recipient count, and start date. Click Create Campaign in the top right to open the four-step wizard.
Screenshot pending
[Phishing Campaigns list page with "Create Campaign" button highlighted top-right]
Walk through the wizard
The wizard has four steps. A summary cart on the right of every step shows your selections so far — you can click any section in the cart to jump back and edit it.
Campaign Details
Give the campaign an internal name, e.g. Q2 2026 Security Assessment.
The name is for your team only — it never appears in the phishing email
your users receive. Names must be at least 2 characters; the field caps
at 255.
Optionally add a Description (up to 1000 characters) for context like scope, who requested the test, or follow-up training plans.
Under When should this campaign send?, pick Send immediately. Hook also shows a Schedule for later option marked Coming Soon — it's disabled today, so every campaign launches the moment you click Launch Campaign on step 4.
Screenshot pending
[Wizard step 1 — Campaign Details — with name "Q2 2026 Security Assessment" entered and "Send immediately" selected]
Targeting
Choose who receives the simulation. Hook offers three recipient modes:
- All users — every active user in your organization.
- Include specific groups — only users in the groups you select.
- Exclude specific groups — everyone except users in the groups you select (useful for excluding execs or your IT team).
If you pick a group-based mode, Hook shows the list of groups in your org with a member count badge on each. Tick the boxes for the groups you want. The Estimated recipients card at the bottom updates live as you change your selection.
The estimate is an estimate
The user count shown is resolved at send time — if a user is added or deactivated between now and launch, the final count will differ. Hook warns you about this directly under the count.
Screenshot pending
[Wizard step 2 — Targeting — with "Include specific groups" selected, the "acme-test-pilot" group checked, and the recipient estimate showing]
Template
Pick the phishing email your users will receive. The template list reads like an inbox: each row shows the template name as the sender, the subject line, a short description, and badges for Difficulty (Easy / Medium / Hard) and Category (e.g. Finance, IT, Social).
Use the search bar to find a template by name, subject, or description. Filter by category, difficulty, or sort (Most Popular, Alphabetical, Newest). Hover any row and click Preview to open a side sheet that renders the full email body and landing page exactly as the recipient sees them.
Click a row to select it. A green check appears in the top right of the selected card.
If you want to tweak this template just for this campaign — for example, swap the sender domain so it lines up with a real-world attack pattern you've seen — click Edit for this campaign next to the selected template label. You can override the Subject, From name, From domain, Reply-to, and Body. These edits apply only to this campaign; the original template in your library is untouched. If you also want to keep the edited version, check Also save this as a custom template after launch on the review step.
Custom templates aren't editable from the wizard
If you select a template that you previously saved as a custom template, the Edit for this campaign button is disabled. To change a custom template, edit it from Manage phishing templates before you start the wizard.
Screenshot pending
[Wizard step 3 — Template — with a template selected, difficulty/category badges visible, and the Preview side sheet open]
Review & Launch
The final step summarizes everything: campaign name and description, Timing (Immediate), recipient mode and estimated user count, the selected template with its category and difficulty, and any one-off edits you made. The green Ready to launch banner restates the template name and approximate audience.
When you're satisfied, click Launch Campaign. Hook creates the campaign, syncs it to the underlying delivery provider, and redirects you to the live monitoring page. A toast confirms how many users were enrolled.
Screenshot pending
[Wizard step 4 — Review & Launch — showing campaign summary and the green "Ready to launch" banner with "Launch Campaign" button]
Monitor a live campaign
After launch, Hook drops you on the campaign detail page at
/org/phishing/<campaign-id>. You can also reach it from the Phishing
Campaigns list by clicking any row.
The detail page shows:
- A status badge (Pending, Active, Completed, Failed) and a Refresh button.
- A stats strip with five tiles: Enrolled, Sent, Opened, Clicked, and Reported. The Enrolled count is live; the others populate as recipients interact with the email.
- A Campaign Info card with type, template, start date, created timestamp, and the upstream campaign ID.
- An Enrolled Users table with name, email, and per-user status.
Click Refresh to pull the latest counts. If the campaign status is Failed, you'll see a red alert telling you to create a new campaign to retry — the underlying sync didn't complete.
Screenshot pending
[Campaign detail page with stats strip (Enrolled / Sent / Opened / Clicked / Reported) and the Enrolled Users table]
What to expect after launch
Timeline
Phishing emails go out within a few minutes of launch. Open and click events start populating the stats strip almost immediately. Reporter submissions show up as users click the report-phish button in their mail client. The full picture — including who clicked but didn't submit credentials versus who submitted them — is usually clear within 24 hours.
After the campaign closes, Hook generates an executive summary and rolls recipients into your security watchlist. Both feed your reporting and remediation workflow — see Related below.
Common pitfalls
- You can't schedule for later yet. The "Schedule for later" tile on step 1 is visibly disabled with a Coming Soon badge. Every campaign sends immediately on launch — don't click Launch Campaign until you actually want emails to go out.
- One-off template edits don't update your library by default. If you tweak a template's subject or body in step 3 and want to reuse those changes next quarter, remember to tick Also save this as a custom template after launch on the review step. Without it, your edits ship to recipients but vanish from your library afterward.
Related
Manage phishing templates
Browse, duplicate, edit, and delete custom templates in your library.
Read the executive summary report
Make sense of the KPIs, risk score, and recommended training after a campaign closes.
Assign training to groups
Bulk-enroll users who clicked into the right follow-up training.
Org Admin Guides
Day-to-day operator guides for a single organization — campaigns, training, reports, integrations, and the security watchlist.
Manage your phishing template library
Browse stock phishing templates, customize them for your org, save reusable variants, and prune the customs you no longer need.