“Simulated phishing allows your employees to gain exposure to the types of phishing emails commonly seen in circulation without experiencing the consequences of a real attack”

Phishing Attack

What Is Phishing?

Phishing via email is the attempt to trick people into clicking a link, or opening an attachment, that subsequently installs malware or requests certain credentials on a fake or spoofed website. The attacker masquerades as a reputable organisation or person and will usually create a story that is compelling enough for the victim to carry out the desired action.

What Is Simulated Phishing?

Simulated phishing allows your employees to gain exposure to the types of phishing emails commonly seen in circulation without experiencing the consequences of a real attack. We craft and send the email from our in-house phishing server, we deliver educational landing pages to teach people how they could have identified it as a phish, we track the clicks and then we provide you with a report of results so that we can monitor the success of the programme.

Simulated Phishing Campaign

Campaign Roadmap

At the beginning of the simulated phishing campaign we set the objectives and agree a delivery timetable. We discuss acceptable content, the intended target audience and, if required, an introduction to your employees.

Custom Phish Creation

We create a set of HTML phishing emails to be delivered throughout the campaign. The emails will range in complexity and will challenge your employees to search for visual clues that could identify it as a scam.

In-house Servers

We deliver the phishing emails directly from our in-house phishing server. Tests will take place prior to delivery to ensure the emails can get through your filters and determine whether our servers need to be whitelisted.

Educational Landing Pages

If the employee clicks the link in the email they will be diverted to an educational landing page where advice is given about how to recognise scam emails. From the landing page the employee can choose to launch an additional short 5 minute phishing e-learning module.

Click Tracking

Our phishing servers are able to track emails opened and links clicked. We can also provide names of people who clicked the link, not to name and shame, but to highlight areas of the business that may need additional training. This information is never made public.

Progress Reporting

After each simulated phishing campaign we provide a full management report, which we can review together, that can help to identify additional awareness initiatives and training, if required. This report is only ever made available to the programme owner.

Spear Phishing

Spear phishing is a highly targeting form of phishing attack

How do you spear phish?

We select a target, we carry out detailed OSINT (open source intelligence) and we start to form a profile of that person. We then craft a phishing email tailored to that one individual using all of the intelligence we have gathered. Because the attack is personalised it has a greater chance of success.

Why spear phish?

Spear phishing is a technique widely used by social engineers to compromise their victims. Knowing their tactics is the first step to defending against them. It also highlights the need for caution in regards to the information that is openly posted on the internet.

Awareness Healthcheck

Ask us about a one off simulated phishing attack and report.
No obligation to go ahead with a campaign.


Would you like to know more about information security awareness training?

Contact us using the form below and one of our security awareness experts will get back to you. Alternatively you can reach us on 0800 292 2900 or