Evaluating Susceptibility to Phishing and Spear Phishing

Our ThreatSim® Phishing Simulations are an excellent addition to any security awareness training program, particularly those that are focused on fighting phishing attacks. Our ThreatSim tool allows you to deliver simulated phishing emails and customizable Teachable Moments, which display targeted "just-in-time teaching" messages to individuals who fall for a mock attack.

Using the SaaS-based ThreatSim interface, you can develop and administer preconfigured or customized attack campaigns and Teachable Moments in more than 25 languages. Comprehensive reporting functions allow you to understand your organization’s risk and respond accordingly.

Request a Demo


ThreatSim Phishing Simulations can be used as standalone assessments or can be paired with our interactive training modules to deliver a more comprehensive cybersecurity education program. With our Anti-Phishing Training Suite, you can utilize our unique Auto-Enrollment feature to automatically assign follow-up training to any user who clicks on a simulated phishing email.

Looking for PhishGuru?

How Does ThreatSim Fit Into my Security Awareness and Training Program?

Mock attacks are excellent standalone tools, but they are most effective when paired with interactive training. Our 10- to 15-minute standard modules and 5- to 7-minute mini-modules offer brief but focused training about the dangers associated with phishing attacks. Our education is based on proven Learning Science Principles that lengthen knowledge retention and drive behavior change.

Connecting the components of our Assess, Educate, Reinforce, Measure methodology can dramatically improve the efficacy of your security awareness and training program and further reduce your risks. Integration between simulated attacks and education can increase completion rates five- to tenfold; our data has shown that employees who fall for mock attacks are up to 90% more likely to complete follow-up training. Our Anti-Phishing Training Suite creates a link between ThreatSim Phishing Simulations and our education modules, allowing you to automatically deliver training to your most susceptible users.

Learn More
security awareness training methodology

ThreatSim Features

Our variety of templates address three key testing factors: embedded links, requests for personal data, and attachment downloads (.pdf, .doc, .docx, .xlsx, and .html).

We strongly suggest that all employees who fall for a ThreatSim Phishing Simulation be automatically presented with an “intervention message” (which we like to call a Teachable Moment). By utilizing “just-in-time teaching” at the moment an employee interacts with a mock phishing email, you can explain what happened, outline the dangers associated with real attacks, and give practical advice about avoiding future traps.

We offer several formats — including static and animated landing pages, short videos, and interactive challenges — for our Teachable Moments and allow you to tailor the message as you see fit. A selection of static landing pages is available in more than 25 languages, which allows your global employees to view key messages in their native languages. You can also opt to route clicks to your own internal messaging.

How it Works

Multinational support allows administrators to deliver simulated attacks and Teachable Moments in more than 25 languages, which means you can assess your global employees in their native languages.

Learn More

Includes our PhishAlarm® one-click email reporting tool. This email client add-in allows employees to report suspicious messages to your security and incident response teams with a single mouse click, and supports our PhishAlarm Analyzer anti-phishing email analysis tool, which utilizes machine learning to prioritize emails reported via PhishAlarm and enables faster remediation of the most dangerous threats on your network.

Learn More

This option spreads out the distribution of emails to minimize the impact to your email servers and IT helpdesk. This function also reduces the chances that employees will figure out — and discuss — the mock attacks, which helps to preserve the integrity of your assessment data.

ThreatSim gives you the option to use multiple simulated attack templates in a single assessment campaign. This further reduces the likelihood that end users will identify the mock attack; when combined with our Random Scheduling feature, this approach provides the purest test of end-user susceptibility to a phishing attack.

ThreatSim provides extensive analytics and reporting about employee responses to various attack scenarios. You’ll also know whether employees fell for an attack through a mobile phone, a tablet, or a computer; the browsers they were using; and their locations when they fell for the attack.

Learn More

ThreatSim offers an optional Weak Network Egress function, which can help detect data egress from users’ PCs and, as a result, allow security personnel to identify and modify security controls to reduce potential security threats.

ThreatSim gives you the option to check for browser vulnerabilities, with the capability to flag out-of-date (and potentially vulnerable) third-party plug-ins on end-user PCs.

Most importantly, it gets employees thinking about best practices and how to respond to future threats.

How it Works

The Wombat Advantage

Wombat customers have access to the following suite of premium services at no additional cost:

Customer Success Manager

Award-Winning Support

Multinational Support

Unlimited Platform Use

Wombat Wisdom

Real-Time Reporting