Evaluating Susceptibility to Phishing and Spear Phishing

Our PhishGuru® simulated phishing attacks allow you to plan and execute an integrated cyber security program from a single interface. With this product, there is a direct relationship between simulated attacks and follow-up education. You can even automatically assign our interactive training modules to users who fall for a mock phishing assessment.


  • Provides a variety of customizable email templates that address three key testing factors: attachments (.docx, .xlsx, .pdf, .html, and .exe), embedded links, and requests for personal data.
  • Automatically presents any employee who falls for a mock attack with a Teachable Moment (see below), which explains the situation and provides practical guidance and tips for future reference.
  • Includes our PhishAlarm® one-click email reporting add-in. This email client add-in allows employees to report suspected phishing messages to your security and incident response teams with a single mouse click.
  • Supports multinational organizations by providing templates in more than 20 different languages.
  • Offers a Random Scheduling option, which spreads out and randomizes the distribution of emails to minimize the impact to your email servers and IT helpdesk. This function also reduces the chances that employees will figure out — and discuss — the mock attacks, which helps to preserve the integrity of your phishing data.
  • Allows you to automatically assign targeted training via our exclusive Auto-Enrollment feature. Any employee who falls for a simulated attack can be assigned the training module(s) of your choice. 
  • Provides extensive reporting (see below) about employee responses to various attack scenarios. You’ll also know whether employees fell for an attack through a mobile phone, a tablet, or a computer; the browsers they were using; and their locations when they fell for the attack.
  • Gets employees thinking about best practices and how to respond to future threats.
  • Sets the stage and makes employees more receptive to in-depth training.

Teachable Moments

Employees who fall for a PhishGuru simulated attack are automatically presented with an “intervention message.” You can route clicks to your own internal messaging or choose one of our customizable Teachable Moments. By utilizing “just-in-time teaching” at the moment an employee interacts with a mock phishing email, you can explain what happened, outline the dangers associated with real attacks, and give practical advice about avoiding future traps. You can select from three different message styles: 

  • Single-panel comic strip
  • Multi-panel illustration
  • Customizable landing page


Administrators can utilize dynamic or classic reports to track and analyze results related to different mock phishing attack "campaigns."

Dynamic Reports

Our new, fuller-featured dynamic reporting functionality gives administrators more flexibility and additional insights into users’ interactions with simulated attacks. You can easily filter data, compare campaigns, quickly add and remove measurement factors, and more. The dynamic reports give access to the following:

  • Campaign Details Report – An alternative to the classic Campaign Events Report, this report provides granular data about one or more campaigns and the users involved in the campaign(s). Administrators can use the improved filtering capability to aggregate data by name, date range or other criteria. All data can be exported for further study.
  • Campaign Comparison Report – An alternative to the classic Campaigns Report, this comparison provides high-level summary data for your simulated phishing attack campaigns. Administrators can filter to show data for one or more campaigns by name, date range, or other criteria. Columns can be quickly added to or removed from the report data table.
  • User Failure Summary Report – This report — an alternative to the classic Repeat Offenders Report — summarizes user performance data against your simulated phishing attack campaigns. You can filter on several criteria to view user performance over a specific timeframe, a specific set of campaigns, or a minimum number of failures by the user. From this report, you can access a detailed view of an individual’s performance by clicking on the user’s name or email address (which will then take you to the User Failure Details Report).
  • User Failure Details Report – A companion to the User Failure Summary report, this data set offers a more comprehensive view than the classic Repeat Offenders Report. Administrators can use this to analyze individual performance rates against the overall campaign results. Filters allow selection of one or more campaigns.
  • PhishAlarm Reported Emails – This report shows the information reported via the PhishAlarm button, including the email type (Wombat Simulated Phish, Wombat Training Email, or Potential Phish), actions by end users, and time required to report potential phish. The information is displayed by first name, last name, email address, the time the email was sent, and the time the email was reported. With this information, you can now determine which users reported which types of emails, and whether an end user successfully spotted a simulated or potential phishing email.

Classic Reports

Following a more standard approach, our classic reports utilize bar charts and more traditional reporting techniques.

  • Campaigns Report – This at-a-glance report displays user responses to your simulated phishing attack campaigns. Bar charts show response rates following the distribution of each mock phishing email as well as daily activity reports post-send. From this report, you can also access more detailed analysis:
    • Campaign Event Report – Shows user activities such as email views, clicks on links/attachments, data entry submissions, and response rates. 
    • Device Type Report – Indicates the types of devices, operating systems, and browsers that were used by employees who fell for a mock phishing email, giving you insight into which devices your users are most vulnerable on.
    • Email Status Report – Shows the status of all emails sent as part of an individual campaign.
    • Network Map – Displays a map that pinpoints the IP addresses of the users who fell for a simulated attack. This can help you identify anomalies in your data and see what regions are most susceptible.
  • Contact Groups Report – Provides an overview of results across multiple campaigns, broken out by group. This allows you to determine the types of phishing messages users are most likely to fall for.
  • Repeat Offenders Report – Shows all the individuals who have failed at least two simulated phishing attack campaigns as well as the total number of campaigns each individual was included in.

Training: The Next Step

Mock attacks are most effective when paired with interactive training. Our 10- to 15-minute educational modules offer brief but focused training about the dangers associated with phishing attacks. Our education is based on proven Learning Science Principles that lengthen knowledge retention and drive behavior change.

Connecting the components of our Assess, Educate, Reinforce, Measure methodology can dramatically improve the efficacy of your security awareness and training program and further reduce your risks. Integration between mock attacks and education can increase completion rates five- to tenfold; our data has shown that employees who fall for mock attacks are up to 90% more likely to complete follow-up training.