SMS Campaign Creation Guide

ℹ️ What is an SMS Campaign?

An SMS campaign (smishing test) allows you to test security awareness by sending fake SMS messages to your employees. It works similarly to email campaigns, but is conducted via SMS.

📱

Requirements for SMS Campaign

SMS Profile: SMS provider account like Twilio, Vonage
SMS Template: Message content to be sent
Target Group: User list with phone numbers
Landing Page: Page to open when clicked (optional)

1

Creating SMS Profile

Configure your SMS provider (Twilio, Vonage, etc.) for sending messages

❓ What is an SMS Profile?

An SMS profile determines which service provider your messages will be sent through. Twilio is the most popular option and can send SMS to almost any country. Other options: Vonage (Nexmo), AWS SNS, MessageBird, and Generic HTTP API.

📋 STEP BY STEP INSTRUCTIONS

1

Go to "SMS Profiles" page from the left menu

Purple icon menu item with SMS badge.

2

Click on "New SMS Profile" button

3

Enter a name in Profile Name field

Example: "Twilio Main Account", "Vonage Test"

4

Select Provider Type

Twilio is the most commonly used option.

5

Enter Sender Phone Number

The number SMS will be sent from. Example: +15551234567

6

Enter your provider's API credentials

For Twilio: Account SID and Auth Token

7

Send a test using "Send Test SMS"

Enter your own phone number and receive the test SMS.

8

Save with "Save Profile" button

⌨️ Fields to Fill

Field Name	Description	Example
Profile Name	The name you want to give the profile. Only you will see it.	Twilio Main Account
Provider Type REQUIRED	Select your SMS provider: Twilio - Most popular, easy setup Vonage (Nexmo) - Good pricing AWS SNS - Amazon infrastructure MessageBird - Europe focused Generic HTTP - Custom API integration	Twilio
Sender Phone Number REQUIRED	The phone number SMS will be sent from. Number from your provider. Enter in international format (+1...)	+15551234567
Rate Limit	Maximum number of SMS per minute. Set to avoid exceeding your provider's limits.	60

📞 Twilio Setup (Most Popular)

Twilio is the most preferred SMS provider. Follow the steps below to create a Twilio account and connect it to GNSAC.

📱

Creating a Twilio Account

Go to twilio.com/try-twilio
Create a free account (no credit card required)
Verify your phone number
Get a phone number from the Dashboard (Buy a Number)
Copy Account SID and Auth Token
Paste this information into GNSAC SMS Profile

Twilio Field	Where to Find?	Example
Account SID	Twilio Console > Account Info (starts with AC)	ACxxxxxxxxxxxxxxxx
Auth Token	Twilio Console > Account Info > Click "Show"	xxxxxxxxxxxxxxxx

⚠️

Twilio Trial Account Limits

On a free trial account, you can only send SMS to verified numbers. For bulk SMS, you need to upgrade your account. Trial accounts add "Sent from Twilio trial account" at the beginning of each SMS.

2

Creating SMS Template

Prepare the SMS message content to be sent to targets

❓ What is an SMS Template?

An SMS template is the content of the message that will be sent to target users. It should be short, attention-grabbing, and contain a clickable link. Unlike email templates, SMS messages are limited to maximum 160 characters (1 segment). Longer messages are sent as multiple segments and cost more.

📋 STEP BY STEP INSTRUCTIONS

1

Go to "SMS Templates" page from the left menu

2

Click on "New SMS Template" button

3

Enter template name in Template Name field

Example: "Bank Verification SMS", "Delivery Notification"

4

Write the SMS content

Make sure to use {{.URL}} variable!

5

Check character count

160 characters = 1 segment. More means extra cost.

6

Save with "Save Template" button

💬 SMS Variables

You can use the following variables in your SMS content. The system automatically replaces these with the correct value for each target.

Variable	Description	Example Output
{{.FirstName}}	Target's first name	John
{{.LastName}}	Target's last name	Smith
{{.URL}}	REQUIRED! Phishing link. Must be used!	https://xyz.com/r/abc123
{{.Position}}	Target's position	Engineer

⛔

{{.URL}} Variable is Required!

The SMS content must include {{.URL}} variable. Without it, users cannot be redirected to the phishing page and the campaign will fail!

📝 Example SMS Templates

🏦

Bank Verification

[BANK] Dear {{.FirstName}}, suspicious activity detected on your account. To verify: {{.URL}}

118 characters - 1 segment

📦

Delivery Notification

Your package could not be delivered. Update address at: {{.URL}} - FedEx

78 characters - 1 segment

🔐

Password Reset

{{.FirstName}}, your password reset request received. Click to proceed: {{.URL}}

85 characters - 1 segment

🎁

Promotion

Congratulations {{.FirstName}}! You've won a $500 gift card. Claim now: {{.URL}}

88 characters - 1 segment

👁️ SMS Preview

+1 555 123 45 67

[BANK] Dear John, suspicious activity detected on your account. To verify: https://gnsac.link/r/x7k2m

Now

💡

Effective SMS Writing Tips

Keep it short and clear - stay under 160 characters
Create urgency: "Immediately", "Last 24 hours", "Urgent"
Include sender name: [BANK], [FEDEX], [COMPANY]
Use short URLs (system shortens automatically)
Be careful with special characters (segment count may increase)

3

Creating Target Group

Prepare phone numbers of users to receive SMS

❓ Target Group Difference for SMS

For SMS campaigns, phone number is required in target groups. You can use the same groups as email campaigns, but users must have phone numbers defined.

📱

Phone Number Format

Enter phone numbers in international format: +15551234567 (no spaces, no dashes). The system may not automatically correct different formats.

📄 CSV File Format (For SMS)

📄 CSV File Example (sms_users.csv)

First Name,Last Name,Email,Position,Phone
John,Smith,john@company.com,Engineer,+15551234567
Jane,Doe,jane@company.com,Accountant,+15559876543
Mike,Johnson,mike@company.com,Manager,+15554567890

⚠️

Users Without Phone Numbers

Users without phone numbers in the target group will not be included in the SMS campaign. Check how many users have phone numbers in your group before launching the campaign.

4

Launching SMS Campaign

Combine all components and launch the campaign

❓ Final Step: Bring Everything Together

When creating an SMS campaign, you select the SMS Profile, SMS Template, and Target Group you prepared in previous steps. You also specify the landing page URL and send time.

📋 STEP BY STEP INSTRUCTIONS

1

Go to "SMS Campaigns" page from the left menu

2

Click on "New SMS Campaign" button

3

Enter Campaign Name

Example: "Q1 2024 SMS Test - IT Department"

4

Enter Landing Page URL

The address that will replace {{.URL}} variable. Example: https://phishing.company.com

5

Select SMS Template

The template we created in step 2.

6

Select Sending Profile

The SMS profile we created in step 1.

7

Select Target Groups

Group(s) containing users with phone numbers.

8

Set Launch Date (optional)

Leave empty to send immediately.

9

Launch with "Launch Campaign" button

⌨️ Campaign Fields

Field	Description	Example
Campaign Name	Campaign name. Shown in reports with this name.	2024-Q1 SMS Test
Landing Page URL CRITICAL!	Very important! The address that will replace {{.URL}} variable in SMS. Must be your GNSAC server's externally accessible address.	https://test.company.com
SMS Template	SMS template to be sent.	Bank Verification SMS
Sending Profile	SMS provider profile (Twilio, etc.)	Twilio Main Account
Landing PageOptional	Landing page defined in GNSAC. If left empty, URL field address is used.	-
Target Groups	Target group(s) to receive SMS. You can select multiple.	IT Department
Launch Date	Date/time for campaign launch. Empty = starts immediately.	2024-03-15 09:00

⛔

Check Before Launching!

Is SMS profile tested?
Are phone numbers in target group in correct format?
Is Landing Page URL accessible?
Is management approval obtained?
Is SMS provider balance sufficient?

📊 Campaign Results

After the campaign launches, you can track live from the "SMS Campaigns" page:

📤

SMS Sent

How many SMS were sent?

✅

Delivered

How many SMS were delivered?

🖱️

Clicked

How many people clicked the link?

🔑

Submitted

How many people entered data?

✓

Congratulations! You've Completed the SMS Guide

You're now ready to create your own SMS phishing campaign

🎧

Need Help?

If you need assistance with anything, you can reach us at support@gnsac.com.tr.