Prepare every employee with phishing simulations & training

Stop dreading the day a phishing attack slips past your cyber defenses. Get the peace of mind from knowing your employees are prepared if it happens.

How it works

Infosec IQ makes it easy to test your phishing susceptibility, train your workforce to avoid threats and inspire employees to report suspicious activity.
Step 1 Build or select template
Step 2 Test employee behaviors
Step 3 Train phished learners
Step 4 Quarantine reported emails

Train phished learners automatically

Clicking a simulated phishing email isn’t a failure. It’s an opportunity for your employees to learn.

Serve microlearning activities the moment an employee is phished to highlight the red flags they missed and remind them how to identify and report similar emails in the future.

Simulate the most sophisticated attacks

Prepare your employees for the most challenging threats they face by simulating the same domain spoofing techniques, typosquatting and attack types scammers find most effective.

Choose from 1,000+ pre-built phishing templates, updated weekly, or build your own emails to simulate threats most relevant to your organization.

Frequently asked questions

  • How do phishing simulations teach employees to avoid phishing emails?
    • Even the best email gateways and security tools fail to catch 100% of the phishing emails targeting your employees and organization. This makes teaching your employees how to prevent phishing attacks vital.

      Simulations go beyond phishing awareness training. A simulated phishing campaign allows you to not only test employees in the same environment where real phishing emails strike — their inbox — but it also lets you deliver training the moment the employee clicks a suspicious link to educate them in the teachable moment.

  • What happens when an employee clicks a simulated phishing email?
    • If an employee fails to recognize a simulated phishing email, clicks a link, opens an attachment or enters information on a spoofed domain, Infosec IQ automatically delivers training tailored to the event. This training is delivered immediately — in the teachable moment — to help the employee recognize suspicious emails and learn how to stop phishing attacks from impacting your organization.

  • What are some of the most common phishing email examples?
    • Although new phishing scams appear nearly every week, we consistently see phishing attacks built around the following topics.

      Shipment notifications
      These emails typically spoof an online retailer such as Amazon or Walmart or a delivery company such as UPS. The phishing email informs the victim of a package arrival, baiting them to click a link or provide personal information to investigate the unknown delivery.

      Taxes
      Tax-related phishing scams occur throughout the year, but appear more frequently at the end of January when U.S. organizations provide employee W-2 forms and through April when taxes are due.

      Banks and payments
      Bank alerts and notifications from merchants and payment processors such as PayPal provide scammers an avenue to victims’ financial information. These scams frequently reference a fraudulent charge to trick victims into clicking a malicious link or providing personal information.

      Internal and corporate communications
      Business email compromise (BEC) attacks, spoofed messages from Human Resources and other corporate communication scams remain a common tactic for hackers to acquire credentials, employee records or even financial information.

  • Can I create my own simulated phishing templates?
    • Infosec IQ allows you to create your own phishing templates, copy real phishing scams your team encounters or customize any of the 1,000+ existing phishing using our drag-and-drop template editor. You can also customize or build your own phishing indicator training, spoofed domains, landing pages, education pages and more.

  • Does Infosec IQ include international phishing templates?
    • Infosec IQ includes over 300 international phishing templates, translated and localized for multinational teams.

  • What types of phishing attacks can I send from Infosec IQ?
    • Infosec IQ’s phishing simulator supports the following phishing attack types:

      • Drive-by
      • Data entry
      • Business email compromise (BEC)
      • Spearphishing
      • Malware & malicious attachments
      • USB

      In addition to these attack types, Infosec IQ allows you to send from Phishy Domains, redirected clicks to spoofed landing pages and track email replies to see if employees share sensitive information.

  • How can employees report both suspicious and also simulated phishing emails?
    • Install the PhishNotify reporting plugin to allow employees to report suspicious emails to your team. Once installed, the PhishNotify reporting button appears in your employees’ inboxes, allowing them to report emails with a single click. Reported emails are sent to quarantine for your team to investigate and added to PhishHunter for automated analysis and sorting.