The difference between a Awareness Training Campaign and a Phishing Assessment Campaign depends entirely on the campaign’s purpose.

☝️ - A training campaign aims to educate employees and help them develop reflexes against phishing.

✌️ - An assessment campaign measures the actual security level of the organization at a specific point in time, in a more discreet way.

1 – Purpose

The distinction between a training campaign and an assessment campaign is based on the desired outcome.

Awareness Training Campaign:
Educates employees and helps them recognize phishing indicators.

Phishing Assessment Campaign:
Evaluates real employee behavior and the company’s security posture without revealing the simulation.

2 – Prerequisites

Before launching a campaign, make sure:

You have access to the Campaign section under Phishing Simulation
Your user role allows campaign creation (Admin or Owner)

3 – Create a campaign

To create a new campaign:

Go to the Phishing Simulation section
Click Campaign
Click New Campaign

4 – Launch an Awareness Training Campaign

A Training Awareness Campaign is designed with one main goal: employee awareness and education.

This type of campaign displays a dedicated training page if the employee fails the simulation.

4.1 – Create a training campaign

Click Awareness Training Campaign

The campaign tile specifies that it includes:

sending a phishing email
showing a training page if the employee fails

Tile showing “Training Awareness Campaign,” highlighting that it sends a phishing email and displays a training page if compromised.

4.2 – Choose the simulation level

4.2.1 – Credential Harvesting Mode

This mode plays out the full scenario and simulates credential theft. It measures:

email open
link click
credential submission (compromise)
access to the training page after compromise

All these steps appear in the campaign statistics.

Campaign type selection screen with the Credential Harvesting option highlighted, showing details about simulations using realistic phishing emails and login pages

4.2.2 – Click-Only Mode

Ideal for less-experienced audiences to reinforce basic reflexes.

Characteristics:

no credential theft page
only clicks reduce the security score
employees are redirected directly to the training page after clicking

⚠️ Warning
In a Click-Only campaign, a click is not considered a compromise.

Campaign type selection screen with the Click-only option highlighted, showing details about simulations monitoring clicks on realistic phishing emails.

5 – Launch an Assessment Campaign

A Phishing Assessment Campaign provides a realistic and discreet evaluation of employee behavior.

Employees are not informed that the email was a test.

Users who fall for the simulation are redirected to an external URL — by default, the legitimate site copied by the scenario.

Tile showing “Phishing assessment Campaign,” highlighting that it sends a phishing email and analyzing behaviours of employees to create a baseline.

5.1 – Create an assessment campaign

Click Phishing Assessment Campaign

This type of campaign allows you to:

simulate a realistic phishing attack
assess employee behavior without alerting them
redirect compromised users to a chosen URL (default: the legitimate website impersonated)

📚 Note:
For maximum discretion:
Use multiple scenarios and unpredictable sending dates.

5.2 – Choose the simulation level

5.2.1 – Credential Harvesting Mode (recommended)

This mode best mimics a real phishing attack.

Captured data includes:

email open
link click
credential submission (compromise)
redirection to the legitimate site

All steps are recorded in the statistics.

5.2.2 – Click-Only Mode