Phishing simulation program
Weekly sends, monthly unique templates. Every failed simulation triggers immediate micro-training. The report button is celebrated as much as not clicking.
Foundation sims
Generic templates with high visual cues. Goal: establish baseline, not to trick. Every click triggers a 2-min teachable moment module immediately.
Targeted sims
Role-specific sends. BEC and payroll themes for finance. Cloud app themes for ops. Templates become more polished and harder to spot.
Multi-vector sims
QR, SMS, and vishing added alongside email. MFA push bombing. Tests whether training generalized beyond email to other attack surfaces.
Advanced sims
AI-personalized, contextually accurate templates. Near-zero visual cues. Measures whether trained behavioral skepticism holds under realistic pressure.
Landing page immediately reveals 'This was a simulated phish.' No blame, no shame — shows exactly which cues they missed.
Bite-sized lesson specific to the template type they fell for. Right-time, right-context learning is the highest-retention intervention available.
Platform auto-enrolls the employee in the full module for that threat type. Completes in their own time within 5 business days. No manager intervention required.
Department managers receive a weekly roll-up — team-level trends, not individual names. Used for coaching conversations, not performance management.
After 3 fails on the same vector within 90 days: personal coaching session with IT/MSP, not disciplinary action. Re-test in 30 days.