Evaluating Susceptibility to Phishing and Spear Phishing

Our newly acquired ThreatSim® simulated attack tools and our Wombat-designed PhishGuru® mock phishing products can help you gauge your employees’ understanding of the dangers associated with phishing and spear phishing. Delivering the initial component of our Assess, Educate, Reinforce, Measure methodology, these assessments can help protect your corporate systems from malware, spyware, and other dangerous software.

Through mock attacks, you can evaluate your organization’s level of susceptibility without exposing your network to an actual attack. This helps you establish a baseline understanding of how vulnerable your organization could be to these dangerous and pervasive social engineering threats.

Both products pair simulated attacks with just-in-time teaching — which makes these assessments an excellent forerunner to our interactive training modules. This approach motivates and engages your employees; data has shown that employees who fall for a mock attack are up to 90% more likely to complete follow-up training.

ThreatSim Attack Simulations

Our newly acquired ThreatSim attack simulation tools are an excellent option if you are looking to deliver a phishing-focused assessment program. ThreatSim currently operates as a standalone mock attack system with optional "just-in-time teaching" that gives administrators the opportunity to deliver targeted messages to individuals who fall for simulated phishing emails.

Using the ThreatSim interface, you can develop and administer preconfigured or customized attack campaigns and activate just-in-time Teachable Moments. Comprehensive reporting functions allow you to understand your risk and respond accordingly.

To create a more comprehensive program, follow ThreatSim attacks with Wombat interactive training, which is managed via our Security Education Platform. For a fully integrated, single-platform approach to assessments and training, opt for PhishGuru.

PhishGuru Mock Phishing Attacks

Our PhishGuru anti-phishing software — which won a PC Magazine's Editor's Choice Award — is fully integrated with the Wombat Security Education Platform, which allows you to plan and execute an integrated cyber security program from a single interface. With this product, there is a direct relationship between simulated attacks and follow-up education. You can even automatically assign our interactive training modules to users who fall for a mock phishing assessment.


  • Provides a variety of customizable email templates that address three key testing factors: attachments (.docx, .xlsx, .pdf, .html, and .exe), embedded links, and requests for personal data.
  • Automatically presents any employee who falls for a mock attack with a Teachable Moment (see below), which explains the situation and provides practical guidance and tips for future reference.
  • Includes our PhishAlarm™ one-click email reporting button. This email client add-in allows employees to report suspected phishing messages to your security and incident response teams with a single mouse click.
  • Supports multinational organizations by providing templates in 20 different languages.
  • Offers a Random Scheduling option, which spreads out and randomizes the distribution of emails to minimize the impact to your email servers and IT helpdesk. This function also reduces the chances that employees will figure out — and discuss — the mock attacks, which helps to preserve the integrity of your phishing data.
  • Allows you to automatically assign targeted training via our exclusive Auto-Enrollment feature. With this convenient and effective administrative tool, any employee who falls for a simulated attack can be assigned the training module(s) of your choice. 
  • Provides extensive analytics and reporting about employee responses to various attack scenarios. You’ll also know whether employees fell for an attack through a mobile phone, a tablet, or a computer; the browsers they were using; and their locations when they fell for the attack.
  • Gets employees thinking about best practices and how to respond to future threats.
  • Sets the stage and makes employees more receptive to in-depth training.

Teachable Moments

Employees who fall for a PhishGuru simulated attack are automatically presented with a unique Teachable Moment. This just-in-time teaching approach is a great way to set the stage for future in-depth training and motivates employees to learning best practices and exhibit safe behaviors.

You can route clicks to your internal training, or you can choose one of our customizable, 15- to 30-second Teachable Moments. These pop-up alerts inform employees about the mock attack, explain the dangers associated with real attacks, and give practical advice and tips they can use to avoid future traps. You can select from three different teaching methods: 

  • Single-panel comic strip
  • Multi-panel illustration
  • Customizable landing page

Training: The Next Step

Mock attacks are most effective when paired with interactive training. Our 10- to 15-minute educational modules offer brief but focused training about the dangers associated with phishing attacks. Our education is based on proven Learning Science Principles that lengthen knowledge retention and drive behavior change.

Connecting the components of our Assess, Educate, Reinforce, Measure methodology can dramatically improve the efficacy of your security awareness and training program. Integration between mock attacks and education has been shown to increase completion rates five- to tenfold. Our data has shown that employees who fall for mock attacks are up to 90% more likely to complete follow-up training. By taking advantage of this opportunity to integrate simulated attacks and training, you can significantly improve the efficacy of your program and further reduce your risks. 

Request a Demo