How to Launch an IronScales Phishing Campaign

While IronScales tends to get categorized as a third party phishing and spam filter, it has many features that make it much more. It can be a strong tool in your arsenal for maintaining cyber security awareness and prevention. 

One of the standout features is the simulated phishing campaign. As an admin, you are empowered to set up these campaigns to help determine where to focus your preventative efforts. This guide goes through the steps of setting up a phishing test campaign for your users. 

The IronScales Home Dashboard

The first thing you will need to do is access the IronScales admin portal. Go to and log in using your administrator credentials. This will bring you to the home dashboard.

This page gives you a brief overview of recent incidents and campaigns.

On the right-hand side of this dashboard is a recent campaign widget. This will include a link to launch your new campaign. If you have no recent campaigns, just click “launch a campaign” to start. However, if there is data in this field, click “new campaign” in the upper right corner of the graph. 

The left shows the widget with no recent campaigns and the right shows it with a few that generated data.

Initial campaign attributes

The first page after you click to launch is your campaign setup. Start by entering a name for you to refer back to later. If you’re not sure where to begin, the general date or month is a good start.

On the campaign setup page you can see the upcoming steps listed to the left.

You then have to select campaign participants. There is an “all company” option, but you can also select by many variables to target including department, title, and users who were lured in a previous campaign.

Choose who to target or select all to reach all your users.
The tool will calculate the campaign length for you. Try to pick a time when all your participants will have office hours.

To change any of your attributes, just click previous. Now that you have set the attributes for this campaign, let’s move onto the types and training options.

Campaign scenarios and training

On the next page you can select what types of scenarios you want sent to your staff, including choosing difficulty or topic. You can even review individual scenario emails. This can help you narrow down your focus to what applies most to your group, or where they have been lured in the past. Select however many scenarios apply or use one of the auto-select options at the top.

Review difference scenarios on this page and opt to narrow your focus.

The next page allows you to decide what the user sees if they follow a link from one of those fake email scenarios. These help teach the user about their particular mis-click or phishing in general to help prevent them from making a similar mistake in the future. You can change the branding to better match your company or messaging.

After that you will be able to assign users a training module. This is not a punishment (although may be a bit of a deterrent), but is meant to educate and enforce security best practices in those who have shown a need for it.

Browse different training modules that can best support your users.

You can then review your choices and click launch. Your campaign will begin when specified earlier. As the campaign proceeds, you will be able to see the results in the recent campaigns section on the main home page or in the phishing campaign assessment section. 

Using the data from campaigns

The phishing campaign assessment will give you information from your recent campaigns. Of course more data from more campaigns can give you a better idea of where to focus your reform efforts. This includes users who were lured by your campaign and more.

It is essential that your organization has the overall goal of using this information for prevention. The analysis and training that comes with IronScales can be a big help, and take much of the burden off you and your staff to keep track on their own. Share any your findings with your cyber security preparedness coordinator and your IT provider to come up with a plan to stop phishing attempts before they become a problem.

Valiant Technology is the award-winning managed service provider to innovative industries in New York.

Continue reading

Subscribe to Valiant's Monthly Email Digest

Valiant's monthly email digest is filled with original content written by our staff, tech news, and business insights.

Schedule a Meeting

Our sales team is here to answer questions and explore the benefits of Valiant Managed service for your business.