Wide Variety of Customizable Templates
The ThreatSim phishing tool supports more than 550 templates across more than 30 languages. Our variety of templates address three key testing factors: embedded links, requests for personal data, and attachment downloads (.pdf, .doc, .docx, .xlsx, and .html). Average failure rates for each template are visible within the phishing tool, which allows administrators to gauge difficulty prior to campaign creation.
The acquisition of Wombat by Proofpoint allows for a unique integration, using real, “in-the-wild” data from Proofpoint’s Targeted Attack Protection. Wombat will be delivering new ThreatSim phishing templates that use Proofpoint’s threat intelligence data, helping to create simulated attacks that will challenge the user’s ability to respond to the most relevant threats of today.
Administrators can also customize the content in any template, or create their own. This flexibility allows organizations to quickly and easily create timely phishing tests that mimic threats seen in the wild and within their own networks.
We strongly suggest that all employees who fall for a ThreatSim Phishing Simulation be automatically presented with an “intervention message” (which we like to call a Teachable Moment). By utilizing “just-in-time teaching” at the moment an employee interacts with a mock phishing email, you can explain what happened, outline the dangers associated with real attacks, and give practical advice about avoiding future traps.
We offer several formats — including static and animated landing pages, short videos, and interactive challenges — for our Teachable Moments and allow you to tailor the message as you see fit. A selection of static landing pages is available in more than 30 languages, which allows your global employees to view key messages in their native languages. You can also opt to route clicks to your own internal messaging.Learn More
Wombat was first-to-market with this time-saving feature that allows you to automatically assign follow-up training to anyone who falls for a ThreatSim Phishing Simulation. While you can still assign training to everyone, Auto-Enrollment allows you to quickly deliver targeted training to your most susceptible end users. This approach can dramatically improve the efficiency of your program and engage those who need the most attention.
Our PhishAlarm® one-click email reporting tool is included with a ThreatSim license at no additional cost. This email client add-in allows employees to report suspicious messages to your security and incident response teams with a single mouse click. We recommend adding our PhishAlarm Analyzer anti-phishing email analysis tool, which utilizes machine learning to prioritize emails reported via PhishAlarm and enables faster remediation of the most dangerous threats on your network.Learn More
This option spreads out the distribution of phishing simulations to minimize the impact to your email servers and IT helpdesk. This function also reduces the chances that employees will figure out — and discuss — the phishing test, which helps to preserve the integrity of your assessment data.
Multiple Templates in a Single Campaign
ThreatSim gives you the option to use multiple simulated attack templates in a single assessment campaign, which helps to minimize the likelihood that end users will identify the phishing test. When combined with our Random Scheduling feature, this approach provides the purest test of end-user susceptibility to a phishing attack.
ThreatSim provides extensive analytics and reporting about employee responses to various phishing attack scenarios. You’ll also know whether employees fell for an attack through a mobile phone, a tablet, or a computer; the browsers they were using; and their locations when they fell for the attack.Learn More
Weak Network Egress
ThreatSim offers an optional Weak Network Egress function, which can help detect data egress from users’ PCs and, as a result, allow security personnel to identify and modify security controls to reduce potential threats.
ThreatSim gives you the option to check for browser vulnerabilities, with the capability to flag out-of-date (and potentially vulnerable) third-party plug-ins on end-user PCs.
Most importantly, it gets employees thinking about best practices and how to respond to future threats.Learn More