Learn how to create progressive phishing simulations that adapt to user behavior and track improvement over time.
Quarterly phishing campaigns provide a structured approach to security awareness training. This tutorial shows you how to design, implement, and analyze progressive campaigns that measure and improve your organization's phishing resilience over time.
Start with a straightforward phishing email to establish baseline metrics. This first campaign should use obvious phishing indicators to measure your organization's current awareness level without being overly deceptive.
```
POST /api/campaigns/
{
  "name": "Q1 Baseline Assessment",
  "template": "generic-password-reset",
  "launch_date": "2025-01-15T09:00:00Z",
  "send_by_date": "2025-01-15T17:00:00Z",
  "groups": ["all-employees"]
}
```
Create email templates that mirror real-world phishing threats your industry faces. Use familiar brands, realistic urgency, and appropriate tone for your organization.
Gradually increase campaign difficulty to challenge employees as they improve. Track metrics over time to measure effectiveness.
| Quarter | Difficulty | Success Metric |
|---|---|---|
| Q1 | Easy (Baseline) | <30% click rate |
| Q2 | Moderate | <20% click rate |
| Q3 | Challenging | <15% click rate |
| Q4 | Advanced | <10% click rate |
Track campaign results to identify trends and improvement areas. Focus on three key metrics:
```
GET /api/campaigns/123/results
GET /api/analytics/trends?period=12months
```
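The following is an added example, not part of the original tutorial or the product's own code. It scores each quarter against the click-rate targets in the table above and reports the change from the previous quarter. The event tuples and their field names are constructed assumptions, because the response format of the results endpoint is not shown on this page. It counts unique clickers rather than raw click events and treats each target as a strict less-than.

```python
from collections import defaultdict

# Click-rate targets from the quarterly table (each is "strictly less than").
TARGETS = {"Q1": 0.30, "Q2": 0.20, "Q3": 0.15, "Q4": 0.10}


def _events(quarter, recipients, clickers):
    """Build constructed (quarter, recipient, event) rows for the sample data."""
    rows = [(quarter, r, "sent") for r in recipients]
    return rows + [(quarter, r, "clicked") for r in clickers]


# Constructed sample data; the tuple layout is an assumption, not the API schema.
USERS = [f"user{i:02d}" for i in range(1, 11)]
SAMPLE_EVENTS = (
    # user02 clicked twice in Q1: two events, but one unique clicker.
    _events("Q1", USERS, ["user01", "user02", "user02", "user03", "user07"])
    + _events("Q2", USERS, ["user02", "user07"])
    + _events("Q3", USERS, ["user02"])
)


def quarterly_summary(events):
    """Return per-quarter click rate, target check and change vs. prior quarter."""
    sent, clicked = defaultdict(set), defaultdict(set)
    for quarter, recipient, event in events:
        if event == "sent":
            sent[quarter].add(recipient)
        elif event == "clicked":
            clicked[quarter].add(recipient)
    summary, previous = [], None
    for quarter in sorted(sent):  # only quarters that had recipients
        recipients = sent[quarter]
        # Ignore clicks from addresses that were never in the send list.
        rate = len(clicked[quarter] & recipients) / len(recipients)
        summary.append({
            "quarter": quarter,
            "click_rate": rate,
            "target": TARGETS.get(quarter),
            "met": quarter in TARGETS and rate < TARGETS[quarter],
            "change": None if previous is None else rate - previous,
        })
        previous = rate
    return summary


if __name__ == "__main__":
    for row in quarterly_summary(SAMPLE_EVENTS):
        print(row)
```

In the sample data Q2 lands exactly on 20%, which does not satisfy the `<20%` target, so decide up front whether your own reporting treats the boundary as a pass or a miss.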
Create reports for auditors, executives, and compliance teams showing security awareness training effectiveness.
```
GET /api/reports/compliance?period=2025-Q1&format=pdf
```