With SAT now initiated on your Proofpoint account, you can move forward with creating and editing SAT Phishing Campaigns. In this guide, i'll talk you through where you can access SAT Phishing Campaigns and how to set up your own.


SAT Phishing Campaign Creation


Step 1: Log into your Proofpoint account

  • Once logged in, click on "Security Awareness" in the left hand navigation, the page will look like the image below:
  • Click on Launch Platform
  • The Security Awareness portal will now open in a new window.


Step 2: Selecting New Phishing Campaign

  • In the Security Awareness portal, click on "Phishing" in the top navigation then click " New Campaign".
  • The page will populate with a list of different phishing campaign types you can deploy; choose the campaign type that best reflects the common attacks you face. Each campaign includes thousands of templates to choose from.
  • For this guide, i selected Drive-by phishing campaign, the setup is identical for all the campaigns.


Step 3: Selecting New Phishing Campaign

With your chosen campaign selected, the page will now be populated with the create campaign detail settings.


In this section you can decide upon the:

  • Give the campaign a title.
  • Select from a large choice of languages templates for your campaign to be in.
  • Chose from a wide category templates that you want your phishing emails to reflect e.g. Account/finance phishing, Cloud services, HR, Invoices etc.
  • Pick your phishing campaign template based on the average failure rate.
  • Pick the the phishing template you wish to use my clicking "Add" on the template. 
  • You also have the choice to create a template from scratch.


With the templates selected you have the option to:

  • Preview the phishing template.
  • Edit the phishing template.
  • Delete the phishing template.
  • Mail the phishing template to yourself.


Campaign Users:


Select the users you want to include into the campaign, you can have the option to pick from different groups/teams or simply select "pick all users" to send the campaign to all employees.


Phishing Link Teachable Moment:


Teachable Moments are shown to users when they click a link or open an attachment in a simulated phishing email. This provides an opportunity to educate users in a constructive, blame-free way that they've fallen for a threat simulation.


Proofpoint offers a wide variety of Teachable Moments, which you can filter by category or language to best suit your organization’s needs.



Your next task is to specify how long you'd like to collect data for. Proofpoint’s default is 7 days, but you can choose to collect data indefinitely or set a custom time frame using the calendar date range.


The in-depth training option also allows you to create a training campaign alongside the phishing simulation, so users can be assigned additional training.


Campaign Scheduling 


To schedule the campaign, you can choose either a specific date and time for delivery or opt to randomize the schedule over multiple days and times.


Randomized scheduling can be especially useful, as it helps prevent end users from warning others about the phishing simulation in advance.


The Review Schedule button lets you see a breakdown of email deliveries by day.



You also have some other options you can chose to include in your campaign including:

  • Plugins: Review installed browser plugins to identify potentially risky or unauthorised extensions that could impact security.

  • Network Checks: Assess users’ network environments (e.g., public Wi-Fi, VPN usage) to detect unsafe connections that may expose sensitive data.

  • User Data Options: Control how much personal or behavioural data is collected by anonymising the data.

  • Email Tracking Options: Monitor user interactions with simulated phishing emails (opens) to measure awareness and engagement.


Finally, click on "Create Campaign".


Congratulations! You have created your phishing campaign. To view the campaign you've created, clicking on the "Phishing" button on the tap navigation then select "Active Campaigns".


Worth noting: Once the campaign is running, you cannot make any modifications. However, while the campaign is in a pending you can continue to make changes up into the start date.


Thank you for taking time to read this guide, if you wish to access other SAT guides click here or select the guides below:


Creating and Scheduling Training Campaigns

Setting up Safelisting & Advanced Delivery for Proofpoint SAT in M365

Security Awareness Safelisting (US)

Security Awareness Safelisting (EU)