[Campaign] Request a custom spear phishing simulation

A spear phishing simulation is a highly realistic phishing test that is tailored to your organization or a specific team. It typically feels more personal and urgent than a standard phishing simulation.

Use this guide to understand when a custom spear phishing simulation makes sense, what information you need, and how to submit a request.

Note: Spear phishing simulations are available as an additional service and may involve extra costs.

When to request a custom spear phishing simulation

Request a custom spear phishing simulation if you want:

• A high-impact scenario for a specific team (for example, management or finance).
• A simulation that matches your organization’s context (internal tools, departments, tone of voice).
• Strong realism and personalization (sender role, internal wording, credible story).

When to use a standard campaign instead

Use a standard campaign if you want to set up and run the simulation yourself:

• One-time phishing campaign for a single send to a selected audience.
• Randomized phishing campaign for an ongoing test with random delivery in a time window.

Next step

• [Campaign] Set up a one-time phishing campaign
• [Campaign] Set up a randomized phishing campaigns

Self-service option: customize your own spear phishing template

You can also create your own spear phishing simulation by customizing a template in Guardey.

This is a good option if you want full control and prefer to run the campaign yourself.

Next step

• [Template] Customize templates

How to request a custom spear phishing simulation

You can submit a request in two ways:

• Contact your Customer Success Manager.
• Email support@guardey.com.

After you submit your request, Guardey will confirm the next steps and the estimated scope and costs.

Information to include in your request

Include the details below to avoid back-and-forth and speed up delivery.

1) Goal and success criteria

• What do you want to test? (for example: reporting behavior, clicking links, data entry)
• Which metric matters most? (clicks, reports, data entry)

2) Target audience

• Which users or groups should receive the email?
• Approximate number of recipients

3) Target domain(s)

• Which recipient domain(s) should the simulation target? (for example, company.com)
• Confirm whitelisting is in place for these domains (yes/no)

4) Scenario details

• Theme (invoice, login, HR, IT, document share, delivery notice, etc.)
• Context that makes it realistic (internal department names, tools, processes)
• Desired tone (formal, neutral, urgent)

5) Personalization preferences

• Sender display name (for example, “IT Support”)
• Sender role or department
• Any internal naming conventions to follow

6) Language

• Preferred language(s)
• If multiple languages are needed, confirm if English fallback is acceptable

7) Timing constraints

• Earliest start date
• Preferred sending window (dates)
• Any days to exclude (if applicable)

Before the simulation can run

Make sure the basics are in place:

• Users are defined.
• Whitelisting is configured for the target domain(s). You will receive the information from your contact person.

ℹ️ Without whitelisting, emails can be blocked or scanned automatically. This can affect deliverability and reporting accuracy.

After you submit the request

Guardey will review your request and confirm:

• the proposed setup and scenario
• any required input from your side
• the scope and costs
• how the simulation will be delivered (campaign created for you or shared for review)