Phishing Lab

Objectives

• Stand up a simulation platform with strong safeguards

• Create templates and landing pages that record events only

• Launch a scoped campaign and monitor engagement

• Convert findings into coaching and process changes

Prerequisites

• Organizational approval and documented consent

• Access to a test Simple Mail Transfer Protocol account for sending

• A server or virtual machine to host the platform

Implementation

1. Platform setup

• Deployed the simulation server and secured the admin account.

• Configured a sending profile and validated delivery to test inboxes.

2. Assets

• Built a landing page that tracks visits and attempted submissions without storing secrets.

• Authored a realistic but benign email template with a single call to action.

3. Audience and launch

• Created a test group from consented participants.

• Scheduled the campaign and verified telemetry end to end with a pilot.

4. Monitor and analyze

• Tracked delivery, opens, clicks, and report events in real time.

• Identified risk patterns by department and by template variant.

5. Train and iterate

• Delivered targeted micro-trainings and sent tip sheets.

• Ran a follow-up campaign to measure improvement.

Outcomes

• A safe, repeatable program that measures susceptibility without shaming

• Higher report rates and lower click rates on subsequent runs

Skills demonstrated

• Phishing simulation configuration and operations

• Email deliverability testing and telemetry

• Data analysis and awareness training design