Phishing Simulation

Introduction

Introduction

PhishGrid is Hunto's phishing simulation and security awareness training platform. It helps security teams measure how vulnerable their organisation is to phishing, vishing (voice phishing), and SMS-based attacks — and then close those gaps through targeted training.

This guide walks you through everything you need to run effective phishing simulations: from setting up your first targets and templates, to launching campaigns, analysing results, and assigning follow-up training.

Who is this guide for?

This guide is for security administrators and team leads responsible for running the PhishGrid platform. It assumes you already have admin access to PhishGrid within the Hunto platform.

How PhishGrid works

A typical PhishGrid workflow looks like this:

  1. Add your targets (users) and organise them into groups
  2. Choose or create a template — email, SMS, or voice phishing
  3. Launch a campaign targeting one or more groups
  4. Review results — who clicked, who reported, who ignored
  5. Assign training to users who need it most

Each step is covered in its own section of this guide.

Before you start — Pre-flight checklist

Before running your first campaign, complete these steps to avoid deliverability issues:

Task Why it matters
Whitelist PhishGrid sending domains in your mail gateway Simulation emails must bypass spam filters to reach inboxes
Whitelist PhishGrid IPs in your firewall / EDR Prevents click events being blocked or misattributed to bots
Inform your IT / SOC team that simulations are running Avoids false incident alerts during a campaign
Review applicable data privacy rules (GDPR, etc.) Some regions require employee notification before simulations

See the Whitelisting & Admin section for step-by-step instructions for Microsoft 365, IceWarp, and other mail systems.

Platform overview

PhishGrid is organised into these main sections, accessible from the left navigation:

  • Dashboard — High-level security posture and campaign performance at a glance
  • Campaigns — Launch and manage phishing / vishing simulations
  • Templates — Email, SMS, and vishing templates used in campaigns
  • Targets — Individual users participating in simulations
  • Groups — Logical groupings of targets (by department, role, location, etc.)
  • Contents — Awareness content shown to users who click a simulation link
  • Training — Assign and track security awareness courses

Next steps

Start with Targets & Groups to add your users, then move on to Templates before launching your first campaign.