Simulate Phishing Attacks

In today’s environment, social engineering attacks are prevalent and increasing. The human element is often the weakest component in a company’s security defense. With PhishingBox, you can easily conduct simulated phishing attacks to test employees' security awareness as part of a comprehensive human risk management. Our Phishing Simulator allows you to create custom groups with as many phishing targets as you would like and sync your target database using our API and webhook integrations.

  • Individuals

    Target specific employees with tailored spear phishing attacks.

  • Groups

    Test a group of employees with targeted phishing campaigns.

Phishing Template Editor and Library

Our practical, intuitive editor and robust library provides you with everything you need to exercise full control over your social engineering testing and customize it end-to-end. Learn more about the Template Editor.

Build your own custom phishing templates with Bootstrap support. Utilize our visual editor, asset hosting, and more. We have custom CNAME support for your own phishing domain, and each template is comprised of an email and a landing page that can be accompanied by a training page, all of which you can customize.

Template Editor

The Phishing Simulator includes a vast library of templates designed to mimic real-world attacks without any of the danger. Our Phishing Template Library also includes our community of users who have submitted their phishing templates for shared resource use.

Template Library

Target and Group Management

Testing your employees with simulated phishing attacks is an important part of your overall security awareness program. PhishingBox makes it easy to measure and demonstrate your employees’ aptitude and progress on highly visual dashboards and reports, while vetting for false positives with Advanced Human Detection (AHD). Your employees are on the frontline in the anti-phishing battle and you can’t win without them.

  • Groups

    Test a group of employees' efficacy with targeted phishing campaigns.

  • LDAP Integration

    Fully supports the Microsoft Lightweight Directory Access Protocol.

Background Shape
Edit Target


Simple Target Management

Sync with your third-party sources to keep your target list current and automatically add new targets to your scheduled tests.

Template Library

Use one of the ready-built phishing templates from our extensive library or customize and create your own.

Robust Template Editor

Fully customize the target experience using the Template Editor to configure email content, training moments, and more.

Campaign Wizard

Schedule 12 months of realistic phishing simulations that are programmatic and meet your organization's needs.

Real-time Notifications

Configure notifications to alert targets when they fail tests and keep admins and clients updated on campaign status.

Training Content

With our built-in content and access to leading providers, there’s an endless library to pull from within our platform.

Advanced Human Detection

Advanced analyzation methods making phishing simulation testing more manageable and more accurate.


Generate branded reports outlining your phishing campaign results and metrics, tailored how you like.


Our 100% US-based and eager support team is ready and waiting to assist you on your phishing simulation campaigns.

Frequently Asked Questions

If any questions you have remain unanswered, feel free to contact us.

You can fully customize any of our existing scenarios/phishing campaigns to fit your exact needs and language preference. We also constantly add new scenarios according to current trends in phishing attacks and cybersecurity. These are also fully customizable/editable. Alternatively, you can easily create templates/scenarios from scratch.
The platform includes training from PhishingBox and other third-party content providers.
Yes. The phishing simulator allows for custom scheduling of phishing campaigns.
Yes. There are several options for delivering training if a user fails a phishing test. One method is to provide a training moment as soon as the user fails a test. In addition, a user may be enrolled automatically into a training course or program should they fail a test.
Yes. We include our KillPhish plugin to allow users to report phishing emails, including simulated phishing emails. If an end user reports a training email it is recorded as part of the NRS or Net Reporter Score metric.
Yes. We integrate natively with some LMS's. In addition, our API provides the ability to integrate with almost any system.

Additional Resources

PhishingBox Ecosystem

This brochure provides an overview of the PhishingBox security awareness ecosystem.


Business Case

This document provides an overview of the benefits of using PhishingBox's Phishing Simulator and ongoing cybersecurity training.


Prevention Checklist

This document outlines controls that should be implemented to prevent or minimize phishing attacks.