To modify a smishing scenario, click Duplicate on the scenario card you want to edit.
1 – Objectives
Understand how to edit the SMS components
Understand how to modify the credential-harvesting landing page
2 – Prerequisites
Have access to the Smishing module
Have the permissions required to create, edit, or duplicate a scenario (Admin role minimum)
Know the basics of how a Smishing scenario works (SMS → landing page)
3 – Duplicating a scenario to edit it
To modify an existing scenario:
Open the scenario library
Click
Duplicateon the scenario card you want to customize
A copy of the scenario is created and can be edited without affecting the original template.
4 – Editing the general details of the scenario
4.1 – Scenario name
Enter a clear and unique name
This name allows you to find the scenario in My Scenarios.
4.2 – Scenario language
Select the target language
This option sends scenario variations adapted to the language of targeted employees.
Click Continue to proceed to the next step.
5 – Editing the SMS
You can fully customize the SMS used in the scenario.
5.1 – Available actions
Modify the SMS wording freely
Insert dynamic variables using the
{ }button (e.g., first name, last name, email...)Insert a phishing link by selecting text and clicking Insert Phish Link
Modify the phishing link extension (e.g., .com, .net) using the Redirector button
5.2 – SMS character limit
An SMS cannot exceed 140 characters.
Keep this limit in mind when inserting a link or dynamic variables.
Click Continue to proceed to the landing page selection step.
6 – Choosing the landing page
At this step, choose the type of smishing campaign you want to configure.
⚠️ Warning
Unlike phishing, you must define now whether the campaign is:
Click Only, or
Credential Harvesting
6.1 – “Click Only” campaign
Measure only whether the employee clicks the link.
Select
Just test if the employee clicks the linkEnter a redirection URL
(This may be an external website or an internal information page.)
6.2 – “Credential Harvesting” campaign
Simulate a full attack involving credential collection.
Select
Trick employees into entering their credentialsChoose a landing page:
from the existing templates, or
from your custom landing pages in My Landing Pages (see more details here)
Click Continue to access the summary.
7 – Scenario summary
The final step allows you to choose the scenario’s final destination—what happens after the click or credential submission.
Choose between two modes:
7.1 – Training mode
Use this mode when the campaign is intended to be educational.
The user is redirected to a training page immediately after:
a click (click-only campaign), or
a compromise (credential-harvesting campaign)
A step-by-step scenario summary is displayed.
To customize the default training page:
→ Go to your Settings.
7.2 – Awareness mode
Use this mode when you want to assess employees without informing them immediately that it was a test.
The user is redirected to:
a specific URL of your choice, or
the legitimate webpage copied to create the credential-harvesting page (default)
This mode is used primarily to measure behavior and obtain the most reliable results.
