
While IronScales tends to get categorized as a third party phishing and spam filter, it has many features that make it much more. It can be a strong tool in your arsenal for maintaining cyber security awareness and prevention.
One of the standout features is the simulated phishing campaign. As an admin, you are empowered to set up these campaigns to help determine where to focus your preventative efforts. This guide goes through the steps of setting up a phishing test campaign for your users.
The IronScales Home Dashboard
The first thing you will need to do is access the IronScales admin portal. Go to https://members.ironscales.com/ and log in using your administrator credentials. This will bring you to the home dashboard.

On the right-hand side of this dashboard is a recent campaign widget. This will include a link to launch your new campaign. If you have no recent campaigns, just click “launch a campaign” to start. However, if there is data in this field, click “new campaign” in the upper right corner of the graph.

Initial campaign attributes
The first page after you click to launch is your campaign setup. Start by entering a name for you to refer back to later. If you’re not sure where to begin, the general date or month is a good start.

You then have to select campaign participants. There is an “all company” option, but you can also select by many variables to target including department, title, and users who were lured in a previous campaign.


To change any of your attributes, just click previous. Now that you have set the attributes for this campaign, let’s move onto the types and training options.
Campaign scenarios and training
On the next page you can select what types of scenarios you want sent to your staff, including choosing difficulty or topic. You can even review individual scenario emails. This can help you narrow down your focus to what applies most to your group, or where they have been lured in the past. Select however many scenarios apply or use one of the auto-select options at the top.

The next page allows you to decide what the user sees if they follow a link from one of those fake email scenarios. These help teach the user about their particular mis-click or phishing in general to help prevent them from making a similar mistake in the future. You can change the branding to better match your company or messaging.

After that you will be able to assign users a training module. This is not a punishment (although may be a bit of a deterrent), but is meant to educate and enforce security best practices in those who have shown a need for it.

You can then review your choices and click launch. Your campaign will begin when specified earlier. As the campaign proceeds, you will be able to see the results in the recent campaigns section on the main home page or in the phishing campaign assessment section.
Using the data from campaigns
The phishing campaign assessment will give you information from your recent campaigns. Of course more data from more campaigns can give you a better idea of where to focus your reform efforts. This includes users who were lured by your campaign and more.
It is essential that your organization has the overall goal of using this information for prevention. The analysis and training that comes with IronScales can be a big help, and take much of the burden off you and your staff to keep track on their own. Share any your findings with your cyber security preparedness coordinator and your IT provider to come up with a plan to stop phishing attempts before they become a problem.
Subscribe to Valiant's Monthly Email Digest
Valiant's monthly email digest is filled with original content written by our staff, tech news, and business insights.