Skip to content

Getting started with PhishDeck

Quickly get started with phishing simulation using PhishDeck.

PhishDeck as a platform aims to provide the most valuable phishing simulation campaigns that it can with the least amount of configuration required by the user to achieve their goals. With that in mind, the following is a short Quickstart Guide that can help you get on your feet quickly.

1. Create a test Campaign – the fun part!

The email you signed up with has been automatically verified and you can immediately send phishing emails to this address — for testing purposes.

Navigate to the [Campaigns] menu and click [New]. Start by adding a Title and Description for your Campaign. Then click [Next] to proceed, here you’ll find the email address you signed up with.

Create a Campaign in PhishDeck

Heads up – When adding multiple Lists and Targets, PhishDeck will automatically deduplicate the final list of Targets to avoid sending multiple emails to a single Target in a Campaign.

Click [Next] to pick one or more Templates for this Campaign. All phishing templates are pre-configured for you and designed to mimic effective engaging phishing emails. Once ready click [Next].

Select one or more Templates for your Campaign in PhishDeck

Which brings us to the last step of setting up our first phishing Campaign, the campaign’s schedule. Given that this is a quickstart guide, we can simply set the Campaign to [One time] and click on [Submit].

Heads up – Submitting a Campaign places it in a submission queue. PhishDeck will process your Campaign within one minute of your scheduled time!

Set a schedule for your Campaign in PhishDeck

2. Check your email

You should have received the phishing email you’ve just set up via the Campaign.

Heads up – Check your spam folder! Further on in this guide, we’ll see how to easily avoid having phishing simulation emails being marked as spam.

PhishDeck uses a realtime proxy to simulate realtime phishing attacks, which means that after clicking the link and entering credentials, you will essentially be logging in to the actual website.

Important – While PhishDeck will log that credentials are entered, PhishDeck does not capture or log the credentials themselves.

Example of a phishing simulation email sent by PhishDeck

3. Results and reporting

You can view your Campaign results with high-level trends, as well as granular per-Target event timelines. You can visit this screen by clicking on the Campaign name.

Campaign results chart in PhishDeck

You can also export your results as a report, by clicking on the “Download Report” button and selecting the export format of choice (HTML or CSV).

4. What’s next?

  1. Allow PhishDeck to send emails to your organization

Naturally, IPs which only send phishing simulation emails are bound to be blocked, and to such an extent, we strongly suggest explicitly allowing PhishDeck’s IP addresses to avoid issues with your phishing simulation Campaigns. Instructions on how to do this can be found below.

  1. Verify your domain

To verify a Domain, navigate to your Account settings (A), then click on the “Add Domain” button (B).

Screenshot of PhishDeck domain verification

If you encounter any difficulties while setting up your domain, fret not, please reach out to us on