Our security awareness training products helps security officers and their teams reduce risks associated with phishing attacks, including those that carry ransomware. Wombat Security customers have used our Anti-Phishing Training Suite and our Continuous Training Methodology to reduce their susceptibility to successful phishing attacks and malware infections by up to 90%. Join them and make our unique, four-step Assess, Educate, Reinforce, Measure approach the foundation of your security awareness training program.

Request a Demo ›





Our ThreatSim® Phishing Simulations allow you to quickly and effectively assess how susceptible your employees are to phishing and spear phishing attacks. Using the ThreatSim simulated phishing tool, you can:

  • Evaluate users' responses to multiple threat vectors: malicious links, dangerous attachments, and fraudulent requests for personal data.
  • ThreatSim offers more than 500 different phishing templates across 30 languages and 13 categories. New templates are added on a monthly basis, based on customer requests, seasonal topics, and phishing emails seen in the wild.
  • Measure and compare results at the campaign and user levels using our in-depth reporting tools.

ThreatSim also allows you to set the stage for future training. Employees who fall for a simulated attack are automatically presented with a Teachable Moment, which is a customizable “just-in-time teaching” message that alerts end users about the mock attack, explains the dangers associated with real phishing emails, and gives practical advice and tips they can use to avoid future traps. 

Plus, initiating follow-up training is easy with our Auto-Enrollment feature. Any user who falls for a ThreatSim email can be automatically scheduled for the interactive training module of your choice. 

Read more about ThreatSim ›



Interestingly, simulated attacks can help motivate users to take training. Our results have shown that users who fall for mock phishing emails are 90% more likely to complete follow-up education — which is critical for long-term behavior change.

We recommend that your security awareness training program include targeted training as well as organization-wide education:

  • Utilize our Auto-Enrollment feature to automatically schedule training assignments for any users who fall for a simulated attack (our mini-modules are ideal for focused follow-up education).
  • Deliver organization-wide training to ensure that everyone receives the same message and works toward a common goal. Since today's non-clicker could be tomorrow's patient zero, creating company-wide assignments is the best way to deliver consistent, actionable training that drives lasting behavior change.
  • Choose from a selection of game-based and scenario-based interactive training, as well as a mix of mini-modules (which take about 5 to 7 minutes to complete) and standard modules (which are generally completed in 10 to 15 minutes).
  • Incorporate customized content as desired at beginning and end of each module to communicate company policies, provide training completion certificates, and more.

Those who license our Anti-Phishing Training Suite can select three of the following diverse training choices:

  • Securing your Email – Fundamental – This series of four mini-modules gives you access to brief but thorough training that targets specific risks to email users. The series (which counts as one of your three selections) includes these modules:
    • Introduction to Phishing
    • Avoiding Dangerous Links
    • Avoiding Dangerous Attachments
    • Data Entry Phishing
  • Securing your Email – Advanced – Build upon the Securing Your Email - Fundamental series with these three highly-focused modules about sophisticated email threats.The series (which counts as one of your three selections) includes these modules:
    • Email Protection Tools
    • Email Security on Mobile Devices
    • Spear Phishing Threats
  • Email Security or Anti-Phishing Phyllis™ – These two differently styled game-based modules each teach users to identify and avoid common phishing traps.
  • Protecting Against Ransomware – This brief but comprehensive mini-module helps employees understand the ransomware threat and how to prevent these types of malware infections.
  • URL Training or Anti-Phishing Phil™ – These two differently styled game-based modules each teach users to recognize the parts of a URL and identify malicious links.
  • Social Engineering – This module looks at social engineering beyond the phish and helps users identify techniques commonly used in smishing (SMS/text phishing), vishing (voice phishing), and in-person impostor attacks.

Try our interactive training modules ›


“URL  Social Engineering 



“email  “email 

Because phishing attacks continue to become more sophisticated, it’s critical to keep reinforcing best practices to improve retention. Our Anti-Phishing Training Suite helps you do this in several ways:

  • Our PhishAlarm® email reporting tool (an email client add-in that is included at no extra charge with ThreatSim Phishing Simulations) enables your employees to report a suspected phishing email with a single mouse click. Users are able to apply their knowledge, and they receive a "thank you" message when they report a message to reinforce this positive behavior.
  • Our optional PhishAlarm Analyzer email prioritization tool helps maximize the capabilities of PhishAlarm and streamline response and remediation efforts on reported emails.
  • Our unlimited-use yearly license is part of the Wombat Advantage; it allows you to deliver continuous assessments and training with no restrictions. You can test responses to different styles of phishing and spear phishing messages, deliver targeted training to users who are vulnerable to these types of attacks, and regularly educate your user base at large.

Read more about PhishAlarm and PhishAlarm Analyzer ›

Read more about the Wombat Advantage ›






 Measure and Analyze Results

Measurement is a key component of all our security awareness and training products because tracking and analysis provide value on many levels, including identification of ROI.

We offer a range of detailed reports that give you broad and granular insights into the results of your assessments and training. Analysis tools help you determine which mock attack to send next and the areas in which your users are likely to benefit from additional education.

The information you have access to can be used to support a number of key initiatives:

  • Reporting to Board members and other stakeholders
  • Integrating employee training data with other metrics for better measurement of cross-organizational cybersecurity initiatives
  • Securing cybersecurity insurance policies
  • Providing proof of awareness and training activities to key partners, business associates, and other interested third parties
  • Improving processes related to internal and external cybersecurity audits

Read more about our dynamic reporting capabilities ›



To learn more about the Anti-Phishing Security Awareness Training and Program, including our suggested program plan, which maps out a recommended schedule for assessments and training assignments, request a demo.

Request a Demo ›