
NHS simulated phishing tool user journey

Phishing is one of the most common tactics employed by hackers. It requires little effort and generally preys on the less cyber-aware. It's also the most common way for organisations to suffer a cyber attack.

The NHS simulated phishing tool user journey

  1. A request form is submitted to register your interest. This form goes to our service desk [email protected]
  2. A campaign manager will then contact you to schedule the date of your simulation and discuss the rest of the process.
  3. Before the campaign kicks off, we will ask you to perform some allow listing where required, to ensure the emails are delivered successfully. If your organisation uses NHSMail, allow listing has already been completed across this tenant by NHS Digital. You will only need to implement allow listing if you locally manage any additional mail filtering that could interfere with the email delivery. We recommend that you contact a mail admin resource within your organisation to understand whether this will be necessary and make them aware of the requirements.
  4. Your organisation will choose 1 of 10 available email templates per campaign (these are updated quarterly). The email can be sent to a maximum of 15,000 users in your organisation.
  5. Email delivery can be staggered and sent across a number of days. The campaign will run for 2 weeks.
  6. When the email lands in the recipient's inbox, we will be able to record whether they open the email, click the link or submit credentials (no data is collected).
  7. If a recipient performs all 3 actions, they will be directed to watch our phishing email training video.
  8. At the end of the 2 weeks, we will compile a report to send you, which will include data on how recipients interacted with the email.
  9. We will also provide a link to our training video, so this can be shared amongst all staff.
  10. We recommend running another simulation soon after to measure effectiveness.

Last edited: 4 February 2025 8:01 am