In today’s environment, social engineering attacks are prevalent and increasing. The human element is often the weakest component in a company’s security. Attackers know this and exploit it. 47% of cyber security attacks such as social engineering, spear phishing and ransomware attacks are that are financial motivated. With PhishingBox, you can easily conduct simulated phishing attacks to test employees' security awareness as part of a comprehensive security awareness training program. Our Phishing Simulator allows you to create custom groups with as many phishing targets as you would like. You can target any employee or group of employees with a simulated spear phishing attack. Our Phishing Simulator allows you to craft a simple email message and send it to one or several recipients using a specified mail server. You can create multiple tests targeting specific groups with one of our custom-built phishing templates or you can create your own test using our Phishing Template Editor. Spear phishing is a common everyday occurrence and a security awareness training program is critical to preventing these scams.
156 million phishing emails are sent
16 million phishing emails get through security filters and into inboxes
8 million phishing emails are opened and 800,000 links in those emails are clicked
80,000 recipients fall for a phishing scam
Testing your employees with simulated phishing attacks is an important part of your overall security awareness program. PhishingBox makes it easy to measure and demonstrate your employees’ aptitude and progress on highly visual dashboards and reports. Your employees are on the front line in the anti-phishing battle and you can’t win without them.
Easy to use Microsoft Active Directory integration using LDAP. You may also use Learning Magagement Systems to sync users into groups. Create as many groups as you would like to help segment your phishing targets.
PhishingBox can be used on any device, providing the ability to perform administrative tasks in the office or on the go. Our custom landing pages are also device-friendly to make the user feel safe and create the most convincing phishing lure.
Phishing Template Library:
The Phishing Simulator includes a vast library of templates that are designed to mimic real-world attacks without any of the danger. Our Phishing Template Library also includes our community of other users who have submitted their phishing templates for other companies to use. If you’re HTML savvy, you can write your own code to build highly customized content or email template styles and submit your own. You can pick or design the exact landing page that an employee will see if they take the bait. These landing pages can be directly linked to training and reinforcement activities within an LMS.
This allows our clients to import users and instantly start testing along with flagging users who need to be educated by failing the phishing test. For larger companies, PhishingBox also integrates with Microsoft Lightweight Directory Access Protocol (LDAP) to ease the onboarding process.
Learn MorePhishingBox has many different types of reports along with compariative reports on multiple tests to see a pattern of who is being lured. You can export in PDF or CSV format along with tapping into our report system using our API. We also have instant reporting with email notifications and summary emails on completion.
According to Verizon, 67% of cyber espionage begins with a phishing email. Using our PhishingBox Phishing Simulator you can proactively combat against email-based social engineering attacks and strengthen your most overlooked security asset. Your employees are on the front line in the anti-phishing battle and you can’t win without them. PhishingBox highly recommends a combination of simulated phishing attacks and targeted training to create a workforce that is immune to the lures of hackers.
Sync with your third-party sources to keep your target list current and automatically add new targets to your scheduled tests.
Schedule 12 months of realistic phishing simulations that are programmatic and meet your organization's needs.
Use one of the ready-built phishing templates from our extensive library, or customize and create your own.
Fully customize the target experience using the Template Editor to configure email content, training moments, and more.
Configure notifications to alert targets when they fail tests and keep admins and clients up-to-date on campaign status.
Streamline data sharing and analytics across platforms using our Global API for better informed decision making.
Automatic risk scoring with one click Second Chance response guidance reduces false positives, with fewer help desk tickets.
If a target fails a phishing test, you can automatically enroll them into a security awareness course through our Security School LMS.
Customize our pre-built reports or create one from the ground up. Get the data you need to identify your security vulnerabilities.
Yes. The PhishingBox phishing simulator includes a template library for various phishing scenarios.
You can fully customize any of our existing scenarios / phishing campaigns to fit your exact needs and language preference. We also constantly add new scenarios according to current trends in phishing attacks and cybersecurity. These are also fully customizable / editable. Alternatively, you can easily create templates/scenarios from scratch.
The platform includes training from PhishingBox and other third-party content providers. Learn more about our security awareness training content providers here.
Yes. The phishing simulator allows for custom scheduling of phishing campaigns.
Yes. You can configure the system to display training material at the point of failure. Alternatively, you can also enroll employees that fail into a separate training course.
It depends on how you configured your test. There are multiple options available. You can display nothing to the user, you can provide the user a message, or you may redirect the user another page, or you can automatically enroll the user into a training course.
Yes. There are several options for delivering training if a user fails a phishing test. One method is to provide a training moment as soon at the user fails a test. In addition, a user may be enrolled automatically into a training course or program should they fail a test.
Yes. An organization can use PhishingBox to conduct a phishing test on multiple domains. However, these domains must be approved. There are several method for obtaining approved to conduct simulated phishing tests for a specific domains. These include but are not limited to email authorization and DNS authorization.
Targets can be input manually, or through several automated means. The PhishingBox system can integrates with several third-party systems, and can also be used via the PhishingBox API. The automated methods greatly reduce the time spent maintaining the system.
Yes. We include our KillPhish plugin to allow users to report phishing emails, including simulated phishing emails. If an end-user reports a training email it is recorded as part of the NRS or Net Reporter Score metric. Learn more about PhishingBox NRS here.
This brochure provides an overview of the PhishingBox security awareness ecosystem.
Download
This document outlines controls that should be implemented to prevent or minimize phishing attacks.
Download
This brochure provides an overview of the Phishing Simulator.
Download