Phishing Simulator

Phishing Simulations &
Security Awareness Training

Test Your Employees & Train Your Employees

In today’s environment, social engineering attacks are prevalent and increasing. The human element is often the weakest component in a company’s security. Attackers know this and exploit it. 47% of cyber security attacks such as social engineering, spear phishing and ransomware attacks are that are financial motivated. With PhishingBox, you can easily conduct simulated phishing attacks to test employees' security awareness as part of a comprehensive security awareness training program. Our Phishing Simulator allows you to create custom groups with as many phishing targets as you would like. You can target any employee or group of employees with a simulated spear phishing attack. Our Phishing Simulator allows you to craft a simple email message and send it to one or several recipients using a specified mail server. You can create multiple tests targeting specific groups with one of our custom-built phishing templates or you can create your own test using our Phishing Template Editor. Spear phishing is a common everyday occurrence and a security awareness training program is critical to preventing these scams.

Every Day

156 million phishing emails are sent
16 million phishing emails get through security filters and into inboxes
8 million phishing emails are opened and 800,000 links in those emails are clicked
80,000 recipients fall for a phishing scam

Target & Group Management

Testing your employees with simulated phishing attacks is an important part of your overall security awareness program. PhishingBox makes it easy to measure and demonstrate your employees’ aptitude and progress on highly visual dashboards and reports. Your employees are on the front line in the anti-phishing battle and you can’t win without them.

Easy to use Microsoft Active Directory integration using LDAP. You may also use Learning Magagement Systems to sync users into groups. Create as many groups as you would like to help segment your phishing targets.

Mobile Friendly for All Devices

PhishingBox can be used on any device, providing the ability to perform administrative tasks in the office or on the go. Our custom landing pages are also device-friendly to make the user feel safe and create the most convincing phishing lure.

Phishing Template Editor & Library

Some of the many reasons to use our editor are to provide full control over your social test and customize it end-to-end.

Phishing Template Editor Features:

Build your own custom phishing templates
Our Template Builder is Bootstrap supported
Utilize our Visual & Code Editor, asset hosting and more
Custom CNAME support for your own phishing domain
Each template is comprised of an email and a landing page that can be accompanied by a training page, all of which you can customize.

Learn More

Phishing Template Library:
The Phishing Simulator includes a vast library of templates that are designed to mimic real-world attacks without any of the danger. Our Phishing Template Library also includes our community of other users who have submitted their phishing templates for other companies to use. If you’re HTML savvy, you can write your own code to build highly customized content or email template styles and submit your own. You can pick or design the exact landing page that an employee will see if they take the bait. These landing pages can be directly linked to training and reinforcement activities within an LMS.

Moodle, SmarterU, Canvas Learning Management Systems (LMS)

PhishingBox integrates with many Learning Management Systems (LMS)

This allows our clients to import users and instantly start testing along with flagging users who need to be educated by failing the phishing test. For larger companies, PhishingBox also integrates with Microsoft Lightweight Directory Access Protocol (LDAP) to ease the onboarding process.

Learn More

Phishing Reporting

PhishingBox has many different types of reports along with compariative reports on multiple tests to see a pattern of who is being lured. You can export in PDF or CSV format along with tapping into our report system using our API. We also have instant reporting with email notifications and summary emails on completion.

Phishing Continuing Education & Repeat Testing

Repeat Testing & Continuing Education

According to Verizon, 67% of cyber espionage begins with a phishing email. Using our PhishingBox Phishing Simulator you can proactively combat against email-based social engineering attacks and strengthen your most overlooked security asset. Your employees are on the front line in the anti-phishing battle and you can’t win without them. PhishingBox highly recommends a combination of simulated phishing attacks and targeted training to create a workforce that is immune to the lures of hackers.

Phishing Simulator Features

Simple Target Management

IMPORT AND SYNC YOUR TARGETS

Sync with your third-party sources to keep your target list current and automatically add new targets to your scheduled tests.

Campaign Wizard

Programmatic Automation

Schedule 12 months of realistic phishing simulations that are programmatic and meet your organization's needs.

Template Library

Use Existing phishing templates

Use one of the ready-built phishing templates from our extensive library, or customize and create your own.

Robust Template Editor

Intuitive WYSIWYG customization

Fully customize the target experience using the Template Editor to configure email content, training moments, and more.

Real-Time Notifications

stay up-to-date

Configure notifications to alert targets when they fail tests and keep admins and clients up-to-date on campaign status.

API & Webhooks

Integrate with existing applications

Streamline data sharing and analytics across platforms using our Global API for better informed decision making.

KillPhish

Pre Abuse-Box Analysis Tool

Automatic risk scoring with one click Second Chance response guidance reduces false positives, with fewer help desk tickets.

Auto-Enrollment on Failure

Make remedial training easy

If a target fails a phishing test, you can automatically enroll them into a security awareness course through our Security School LMS.

Advanced Reporting

Get the information you need

Customize our pre-built reports or create one from the ground up. Get the data you need to identify your security vulnerabilities.

Frequently Asked Questions

Does the phishing simulator include templates?

Yes. The PhishingBox phishing simulator includes a template library for various phishing scenarios.

Are the phishing templates and scenarios updated, and are new scenarios added according to current trends in phishing attacks?

You can fully customize any of our existing scenarios / phishing campaigns to fit your exact needs and language preference. We also constantly add new scenarios according to current trends in phishing attacks and cybersecurity. These are also fully customizable / editable. Alternatively, you can easily create templates/scenarios from scratch.

Is all training material provide by PhishingBox or do you have access to third-party content?Can we schedule phishing campaigns in advance?

The platform includes training from PhishingBox and other third-party content providers. Learn more about our security awareness training content providers here.

Can we schedule phishing campaigns in advance?

Yes. The phishing simulator allows for custom scheduling of phishing campaigns.

Can we provide just-in-time training to employees that fail a phishing test?

Yes. You can configure the system to display training material at the point of failure. Alternatively, you can also enroll employees that fail into a separate training course.

What happens after a target falls victim to a phishing test?

It depends on how you configured your test. There are multiple options available. You can display nothing to the user, you can provide the user a message, or you may redirect the user another page, or you can automatically enroll the user into a training course.

If someone fails a phishing test, can they be automatically be given training?

Yes. There are several options for delivering training if a user fails a phishing test. One method is to provide a training moment as soon at the user fails a test. In addition, a user may be enrolled automatically into a training course or program should they fail a test.

Can we use the phishing simulator to test multiple domains?

Yes. An organization can use PhishingBox to conduct a phishing test on multiple domains. However, these domains must be approved. There are several method for obtaining approved to conduct simulated phishing tests for a specific domains. These include but are not limited to email authorization and DNS authorization.

How can we input targets into the PhishingBox system?

Targets can be input manually, or through several automated means. The PhishingBox system can integrates with several third-party systems, and can also be used via the PhishingBox API. The automated methods greatly reduce the time spent maintaining the system.

We have our own LMS, can we use the PhishingBox simulator with our LMS?

Yes. We integrate natively with some LMS systems. In addition, our API provides the ability to integrate with almost any system.

Does the simulator include a reporting plugin or method for users to report a phishing email?

Yes. We include our KillPhish plugin to allow users to report phishing emails, including simulated phishing emails. If an end-user reports a training email it is recorded as part of the NRS or Net Reporter Score metric. Learn more about PhishingBox NRS here.

View More FAQs

Additional Resources

PhishingBox Ecosystem

This brochure provides an overview of the PhishingBox security awareness ecosystem.
Download

Business Case

This document outlines controls that should be implemented to prevent or minimize phishing attacks.
Download

Prevention Checklist

This brochure provides an overview of the Phishing Simulator.
Download