Phishing simulations
Configure phishing campaigns, choose realistic scenarios, and monitor how employees respond.
Overview
The Phishing module helps you assess and strengthen how employees respond to suspicious emails. Build campaigns around applications your team recognizes, select scenarios, choose the audience and schedule, and review employee actions from the elba admin portal.
You can run a recurring phishing program or send a manual campaign to a selected audience.
Activate the phishing program
Open Phishing in the elba admin portal and follow the activation flow.
1. Select your email provider
Choose the email service used by your organization. elba presents the authorization flow appropriate for that provider.
2. Grant the requested permissions
Follow the instructions shown in elba to authorize campaign delivery. Review the current permissions in the provider's consent screen before accepting them.
The account completing this step must have the administrative rights required by your email provider and your organization's policies.
3. Choose applications and scenarios
Select applications familiar to your employees, then choose the scenarios that can be used in campaigns. A scenario defines the simulated email and its associated experience.
You can use scenarios available in elba or create a custom scenario in the scenario editor. Review custom content and previews before adding it to a campaign.
4. Configure the schedule
Choose the campaign frequency and first launch date. elba distributes the selected scenarios across enrolled employees according to the configured program.
Employees enrolled after a campaign has launched become eligible for a subsequent campaign.
5. Review and launch
Before launching, check:
- The enrolled audience
- The selected applications and scenarios
- The launch date and campaign frequency
- The email-provider authorization
Then launch the program from the confirmation screen.
Run a manual campaign
Use a manual campaign when you need a focused simulation outside the recurring program. Select the intended employees and scenario, review the scope, then send the campaign.
A manual campaign is reported separately from campaigns created by the recurring program.
Understand campaign results
elba records relevant actions during a simulation, including whether the employee:
- Opened the simulated path and clicked its link
- Submitted data on the simulation page
- Reported the message
Use the campaign and employee views to examine scheduled, running, successful, and failed tests. You can inspect an employee's timeline and filter results by campaign, scenario, or group.
Campaign reporting is intended to help you identify where additional awareness or follow-up may be useful. It should be interpreted alongside the campaign's audience, scenario, and timing.
Use reported emails in campaign results
When an employee reports an elba simulation through the Report Phishing add-on, elba associates that action with the campaign result.
Messages that are not elba simulations are placed in the dedicated Email Reports inbox for administrator review. See Set up phishing reporting for installation, data handling, and inbox guidance.
Pause or update the program
You can update program settings or stop future campaigns from the Phishing settings. If a campaign is already being distributed, review the status shown in elba before changing the program: stopping the program does not necessarily recall messages that are already scheduled for delivery.
Recommended launch checks
- Confirm that provider authorization is complete.
- Check employee enrollment and campaign scope.
- Preview every selected scenario.
- Start with a limited audience and review the result timeline.
- Confirm how your team will handle reported non-simulation emails.
- Expand the audience only after validating delivery and reporting.