Through phishing campaigns in the Rawam platform, you can simulate phishing attacks with the goal of raising employee awareness and helping them distinguish between legitimate and malicious emails.
This page allows you to:
- Create custom phishing campaigns
- Send fake emails containing links or malicious attachments to simulate attacks
- Track employee behavior during the campaign
- Generate detailed reports that reflect employee awareness and responses
These campaigns are intended for educational and testing purposes only, conducted within a safe and monitored environment. They must not be used for any malicious or deceptive purposes outside the institutional training context.
Phishing Campaigns Interface
When accessing the phishing campaigns section, you will see an interface that includes:
Top Control Buttons
- Add New: To create a new phishing campaign
- Import: To upload ready-made campaigns from an SQL file exported from the legacy Rawam phishing system
- Download Report: Exports a general campaign summary report in PDF format (same layout as the web interface)
Campaign Performance Indicators
Each campaign displays four key metrics representing employee interaction with the phishing message:
| Indicator | Color | Meaning |
|---|---|---|
| Reported | Green | Number of employees who correctly identified and reported the email |
| Data Submitted | Red | Number of employees who were deceived and submitted their data |
| Link Clicked | Yellow | Number of employees who clicked the phishing link |
| Email Opened | Purple | Number of employees who opened the email but did not interact further |
This visual representation helps assess the cybersecurity awareness level across employees.
Campaign Details in the Table
After creating a phishing campaign, it will appear in the table with the following key information:
- Campaign Name
- Time Period
- Number of Users Who:
- Opened the email
- Clicked the link
- Submitted data
- Reported the phishing attempt
- Status: (Ended, In Progress, Not Started)
- Quick Actions:
- Report: View the campaign report
- Delivery: View email delivery details for users
- Delete: Remove the campaign
- Duplicate: Copy the campaign (makes it easier to reuse existing campaign settings and make edits)
- Edit: Modify campaign details
Create a New Phishing Campaign
Clicking the "Add New" button opens a form with the following fields:
Main Fields:
- Campaign Name: Internal name that describes the campaign purpose
- Campaign Template: Select from pre-designed templates (e.g., Free Tickets – Account Update – Product Discount)
- Sender Email: The spoofed email address shown to recipients
- Link: The fake phishing link included in the email (associated with the chosen template)
- Start Date / End Date: Campaign execution period
- Targeted Departments: Select specific departments within the organization to receive the campaign
- Auto-enroll in Training Program (optional): Automatically enroll employees who fail the campaign into a cybersecurity training program
