Phishing Simulator

The Phishing Simulator module allows you to create a realistic simulated phishing email that is sent to employees in order to assess their ability to recognize suspicious emails and their response to attacks that could compromise organizational data and systems.
The module provides the capability to customize and target a phishing campaign suited to your organization and to evaluate the results.



Q: How can I combine the Email Template and Landing Page to create a phishing scenario?

A: You can easily create a customized phishing scenario to suit your organization. You will find the instructions here: How to add a new phishing scenario under the Scenarios page.

Q: Can I delete System Scenarios/Email/Landing Pages?

A: The System templates can't be deleted by the admin users. The admins are able to delete their custom templates.

Q: Which tracking domain is used for Attachment type campaigns?

A: The platform automatically generates unique tracking links for attached files for each target user for Attachment type campaigns. The domain that is used for the attachment type campaign is

Q: How Difficulty is formulated and assigned to campaigns?

A: The difficulty level of the campaigns is assigned by the support team who develops the campaigns and decides the difficulty based on experience/knowledge.

Q: Emails do not arrive to the target users

A: The delivery status can be checked on Sending Report menu in the campaign report to see if the emails have been delivered successfully to the users. If the emails are successfully delivered, please check your whitelisting settings.

Q: Why the domain that is used for the campaign gives a red screen on Google?

A: If the campaign contains an HTML page where it contains any words, pictures or links related to Google, Facebook, Twitter, Apple, Microsoft or other such major companies, Google will easily identify it as suspicious and as a result, the user will see red screen after click the link in the simulated phishing email.
  • Please make sure not to use real words, pictures or links that are related to major companies.
  • The platform offers approximately fifty domains to be used in campaigns. The admin can also try to change the phishing domain to a new one and then launch the campaign with the new domain.

Q: Why I see phishing email looks not properly in Outlook Desktop App?

A: The Outlook Desktop application doesn't read CSS styles which cause sometimes the email not to look properly as it was seen on the platform. You may contact the support team to check if the phishing email could be optimized.