Phishing Simulation Campaign Template

Free — starts instantly.
Instaboard board showing phishing simulation campaign pipeline with stages from planning through launch, analysis, remediation, and reporting

1) Set up your first campaign in Plan & Scope2) Design templates and training in one place3) Launch, label, and monitor the simulation4) Review results, remediate, and coach5) Report to leadership and plan the next wave

Run phishing simulations as a repeatable program

Instead of treating phishing tests as one-off blasts, use this template to manage them as a visible, repeatable program. Each card represents a campaign that moves left-to-right from Plan & Scope through Report & Next Wave, keeping briefs, target segments, and risk decisions together on the card. Duplicate micro-template cards for campaign briefs, recipient segments, settings, and training plans so every run starts from the same checklist. Labels highlight high-risk groups and repeat clickers, while due dates and assignees keep launches and follow-ups on track. Attach CSV exports, platform screenshots, and slide decks directly to cards so everyone can see what happened and what changes next.

  • Turn scattered phishing tests into one visible pipeline
  • Capture campaign briefs, segments, and results on cards
  • Use labels, due dates, and owners to manage risk
  • Attach training files and reports where work happens
  • Repeat proven campaigns quickly with duplicate-ready templates

Set up your first campaign in Plan & Scope

Open the board and start in the Getting Started area, where you will find the Campaign Brief micro-template. Duplicate that card, drop it into the Plan & Scope list, and rename it for your first simulation. Fill in the objective, target group, attack type, and key metric fields directly on the card. Assign yourself or a teammate as the owner and set a due date for launch so it appears on the board timeline. Apply risk labels such as High risk or Low risk plus audience tags like VIP / Execs or New hires to make this campaign easy to spot later.

Pro tip: Rename the board with your company name so it feels like your phishing program home, not a sample.

Design templates and training in one place

Move the campaign card into Design Templates & Training when you are planning emails and training content. Draft messages in your usual tools, then paste finalized copy or screenshots into the card description or attachments so decisions live on the board. Duplicate the Recipient Segment and Simulation Settings cards to capture which departments you are targeting, which sending domain you will use, and whether whitelisting is complete. Attach drafts, screenshots, or vendor links so reviewers do not have to hunt through email threads. Create Training Plan cards that spell out which module triggers for clicked, reported, or ignored emails and assign owners for each follow-up, then tag them Training assigned.

Launch, label, and monitor the simulation

Once details are locked, drag the campaign card into Launch & Monitor so the board clearly shows that the run is live. Update the card with your scheduled send dates and confirm whitelisting by tagging it Whitelisting needed or clearing that label once IT signs off. During the live send, you will still watch metrics in your phishing platform, but add quick notes to the card about delivery issues or spikes in helpdesk tickets. Assign an on-call owner so it is obvious who is watching metrics and responding to questions. If you use a vendor platform, paste direct report links into attachments so the team can jump straight into dashboards from the card.

Review results, remediate, and coach

After the simulation ends, move the card to Review & Analyze Results and duplicate the Executive Summary template. Pull coverage tested, click rate, report rate, and repeat clickers from your platform reports, then capture those numbers on the card and attach CSV exports or screenshots so they are easy to verify later. Slide the card into Remediate & Coach as soon as you identify high-risk segments or repeat clickers. Create additional Training Plan cards for those groups, apply Repeat clicker and Requires follow-up labels, and assign owners with due dates for coaching. Use checklists or attachments on these cards to keep micro-training decks and scripts tied to the work instead of getting lost in inboxes.

Report to leadership and plan the next wave

When you are ready to share outcomes, move the main campaign card into Report & Next Wave. Summarize key trends in the description and attach the slide deck or narrative report you plan to present to leadership. Duplicate one more Executive Summary card if you want a clean, forward-looking view of improvement targets for the next quarter. Set a due date for the next simulation and tag it Audit scope so it stays visible during compliance reviews. Finally, duplicate the Campaign Brief card again for your next wave and drop it back into Plan & Scope to keep the program rolling.

What’s inside

Six-stage program pipeline

Plan & Scope through Report & Next Wave keeps every phishing simulation moving left-to-right from idea to follow-up so nothing stalls between launch and remediation.

Reusable campaign micro-templates

Duplicate Campaign Brief, Recipient Segment, Simulation Settings, Training Plan, and Executive Summary cards so each run starts with the same structure.

Target segment and risk labels

Tag campaigns with High risk, VIP / Execs, New hires, and more so you can filter by audience and risk level in seconds.

Training and remediation lane

Use Remediate & Coach to plan targeted micro-training for repeat clickers and process fixes for your helpdesk and security team.

Results and executive summaries

Capture coverage, click rates, report rates, and key learnings in dedicated results cards, then attach exports and decks for leadership updates.

Why this works

  • Turns ad hoc phishing tests into a measurable program
  • Keeps campaign briefs, settings, and evidence in one workspace
  • Highlights high-risk groups and repeat clickers at a glance
  • Links simulation results to targeted training plans on the same cards
  • Gives leadership before-and-after results by attaching exports and decks they can share with stakeholders

FAQ

Do I need a phishing platform to use this template?

No. The board acts as a planning and tracking hub whether you use a dedicated phishing platform or simple email tools; keep sending and analytics in those systems and attach links or files from them to your cards.

Can this template handle multiple campaigns at once?

Yes. Create one card per campaign and move each left-to-right through the stages. Labels and assignees make it easy to see which campaigns are in planning, in flight, or in follow-up at any time.

How should I use this with different departments or regions?

Tag cards with audience labels like VIP / Execs, New hires, or region names in the description, then filter by label or search by text to focus on a specific group when planning or reporting.

Is this board for real incidents or only simulations?

This template is optimized for planned phishing simulations. For real incidents, you can still log campaigns for context but should track incident response steps in your dedicated IR playbooks or ticketing system.