Phishing simulator & training

Empower employees to detect and report phishing attacks with PhishSim™.

Launch your free Phishing Risk Test now

Choose from 1,000+ realistic phishing templates

Build simulated phishing campaigns from our library of over 1,000 templates to teach employees how to avoid the most dangerous phishing threats they face. Our phishing templates are organized by category and language so you can easily identify the right templates for your organization.

New templates are added weekly to simulate ongoing attacks, leverage recent news and keep employees ahead of new threats.

Simulate the most sophisticated phishing attacks

Prepare your employees for the most challenging threats they face by simulating the same domain spoofing techniques, typosquatting and attack types scammers find most effective.

With Infosec IQ, you can build targeted spearphishing emails, send attachment attacks, build spoofed login pages and track replies to phishing emails.

Turn phishing clicks into teachable moments

Deliver training the moment your employee clicks a phishing link to reinforce best practices and help them avoid phishing attacks in the future.

Share a brief training module, highlight phishing red flags on the email they clicked or redirect the employee to a phishing education page to provide training tailored to the email and attack type they failed to recognize.

Customize phishing templates or build your own

Every aspect of the Infosec IQ phishing simulator and training is customizable, giving you ultimate flexibility in delivering simulated phishing emails and training.

Edit existing templates, create custom phishing emails and spoofed landing pages, and build your own phishing education pages to keep employees alert to the top phishing threats in your environment.

Empower employees to report suspicious emails

Turn your employees into one of your greatest cybersecurity assets with the PhishNotify™ email reporting plugin. Install the reporting button globally to allow employees to report emails on any device.

Employee-reported phishing simulations are recorded for learner-level reporting while real threats are removed from the employees inbox and placed in quarantine for your team to review.

Analyze & respond to employee-reported emails

PhishHunter™ automates the time-consuming task of email analysis, transforming your email quarantine from a pool of all employee-reported emails into a prioritized response queue.

All employee-reported emails are sanitized and organized by threat level so you can quickly and safely diagnose threats and orchestrate your attack response.

Frequently asked questions

  • How do phishing simulations teach employees to avoid phishing emails?
    • Even the best inbox filters and security tools fail to catch 100% of the phishing emails targeting your employees and organization. This makes teaching your employees how to prevent phishing attacks vital.

      A simulated phishing campaign allows you to not only test employees in the same environment where real phishing emails strike — their inbox — but it also lets you deliver training the moment the employee clicks a suspicious link to educate them in the teachable moment.

  • What happens when an employee clicks a simulated phishing email?
    • If an employee fails to recognize a simulated phishing email, clicks a link, opens an attachment or enters information on a spoofed domain, Infosec IQ automatically delivers training tailored to the event.

      This training is delivered in the teachable moment to help the employee recognize suspicious emails and learn how to stop phishing attacks from impacting your organization.

  • Can I run an Infosec IQ phishing test for free?
    • Yes! Run a free Phishing Risk Test and send a simulated campaign to 100 employees.

      We’ll send you the results in 24 so you can learn your organization’s phish rate and see who took the bait.

  • What are some of the most common phishing email examples?
    • Although new phishing scams appear nearly every week, we consistently see phishing attacks built around the following topics:

      Shipment notifications
      These emails typically spoof an online retailer such as Amazon or Walmart or a delivery company such as UPS. The phishing email informs the victim of a package arrival, baiting them to click a link or provide personal information to investigate the unknown delivery.

      Taxes
      Tax-related phishing scams occur throughout the year, but appear more frequently at the end of January when organizations provide employee W-2 forms and through tax day in April.

      Banks and payments
      Bank alerts and notifications from merchants and payment processors such as PayPal provide scammers an avenue to victims’ financial information. These scams frequently reference a fraudulent charge to trick victims into clicking a malicious link or providing personal information.

      Internal and corporate communications
      Business email compromise (BEC) attacks, spoofed messages from Human Resources and other corporate communication scams remain a common tactic for hackers to acquire credentials, employee records or even financial information.

  • Can I create my own simulated phishing templates?
    • Infosec IQ allows you to create your own phishing templates, copy real phishing scams your team encounters or edit any of the 1,000+ existing phishing templates to meet your needs.

      You can also customize or build your own phishing indicators, spoofed domains, landing pages, education pages and more.

  • Does Infosec IQ include international phishing templates?
    • Infosec IQ includes over 100 international phishing templates, translated and localized for multinational teams.

  • What types of phishing attacks can I send from Infosec IQ?
    • Infosec IQ’s phishing simulator supports multiple attack types including drive-by, data entry, business email compromise (BEC), spearphishing, malicious attachments and USB attacks.

      In addition to these attack types, Infosec IQ allows you to send from Phishy Domains, redirected phishing clicks to spoofed landing pages and track email replies to see if employees share sensitive information.

  • How can employees report both suspicious and also simulated phishing emails?
    • Install the PhishNotify™ reporting plugin to allow employees to report suspicious emails to your team. Once installed, the PhishNotify report button appears in your employees inbox, allowing them to report emails with a single click.

      Reported emails are sent to quarantine for your team to investigate and added to PhishHunter™ for automated analysis and sorting.

  • How can I encourage employees to report suspicious emails?
    • To start, make sure employees know how to report suspicious emails and what happens when they report both real phishing attacks and also simulated phishing emails. Solutions like Infosec IQ provide immediate feedback each time an employee reports an email by specifying whether the email was a simulated phish or potentially malicious.

      You can encourage employees to report suspicious emails by highlighting or congratulating top reporters or providing incentives to encourage participation.

  • Do Infosec IQ phishing templates use real company logos?
    • Yes. Infosec IQ’s phishing templates are designed to simulate malicious emails that attackers use. To establish credibility, several Infosec IQ templates incorporate recognizable brand logos.

      Does the use of these logos violate a brand’s trademark or copyright?

      The following is for informational purposes only and is not legally binding. Infosec cannot provide legal advice and recommends contacting an attorney for more information or guidance about trademarks and fair use.

      The foundation of a trademark infringement claim is based on confusion in the consumer’s mind about the source of the product or service represented. The use of brand logos in Infosec IQ phishing simulation emails is not to confuse recipients or misrepresent the source of the product or service, but to provide educational security and anti-phishing training. When a user clicks on a simulated phishing email incorporating a brand logo, the resulting landing page mitigates potential confusion by displaying a “whoops you were just phished” message before launching the relevant security awareness training. This immediately clarifies for the learner that there is no affiliation between Infosec and the logo/trademark owner and illuminates the point that this is for illustrative and educational purposes only. For Infosec clients that customize Infosec IQ’s anti-phishing templates, it’s important that this distinction is clearly made in their own emails and landing pages to avoid confusion.

      From a copyright point of view, including third party logos in simulated phishing emails constitutes fair use because the logos serve a new and transformative purpose.Using third party logos for security awareness and training purposes is not related to the sale of goods or services and therefore, does not undermine the copyright holder.

Infosec Named a Leader in 2019 Gartner Magic Quadrant

Recognized for ability to execute and completeness of vision in Security Awareness Computer-Based Training, learn the latest market trends and what we believe sets Infosec apart.