How to Run Your First Phishing Campaign with GoPhish

Introduction

HailBytes’s GoPhish is a phishing simulator designed to enhance your business’s security awareness training programs. Its primary feature is running phishing campaigns, a key tool for any security awareness training program. If this is your first time using GoPhish, you have selected the right article. In this article, we will go over how to set up and access the results of your first campaign.

Setting Up GoPhish

Creating a New Campaign

1. Find and select “Campaigns” in the navigation sidebar.
2. Fill in the required fields.
   • Name: The name of your campaign.
   • Email Template: Email seen by recipients.
   • Landing Page: Code for the page that is used when the recipient clicks on a link within the email template.
   • URL: URL that populates the {{.URL}} template value and should be an address that points to a GoPhish server.
   • Launch Date: Starting date of the campaign.
   • Send Emails By: Time when emails will all be set. Filling in this option tells GoPhish you want to spread the emails evenly between the launch and send by date.
   • Sending Profile: The SMTP configuration used when sending emails.
   • Groups: Defines the groupings of the recipients in the campaign.

Launching Campaign

Click launch. You are done setting up your first campaign.

Viewing and Exporting Results

1. You will be automatically redirected to a campaign results page. This page provides an overview of the campaign and details on each target.
2. To export your results in CSV format, click “Export CSV” and select the type of results you would like to export.
   • Results: This type is the current status for each target within the campaign. It contains the following fields: id, email, first_name, last_name, position, status, ip, latitude, and longitude.
   • Raw events: This contains a stream of events from the campaign in chronological order.

Miscellaneous

• To delete a campaign button, click the delete button and confirm.
• To view the timeline of a recipient, click on the row with the recipient’s name.
• If you selected the capture credentials option when building a landing page, you can view those credentials in the “View Details” dropdown.

Conclusion

In conclusion, HailBytes’s GoPhish is a powerful phishing simulator that complements your security awareness training programs. By following the steps outlined in this guide, you can create and launch your first phishing campaign. Once you finish your first phishing campaign, check out our article on how to make the most from your GoPhish campagin results.

Deploy GoPhish Phishing Platform on Ubuntu 18.04 into AWS