Evaluating Susceptibility to Phishing and Spear Phishing

Our ThreatSim® attack simulation product is an excellent option if you are looking to deliver a phishing-focused security awareness training program. The ThreatSim mock attack system allows you to deliver simulated phishing emails with embedded Teachable Moments, which display targeted "just-in-time teaching" messages to individuals who fall for a simulated attack.

Using the SaaS-based ThreatSim interface, you can develop and administer preconfigured or customized attack campaigns and Teachable Moments in more than 25 languages. Comprehensive reporting functions allow you to understand your organization’s risk and respond accordingly.

ThreatSim can operate as a standalone assessment tool or can be paired with our interactive training modules to deliver a comprehensive education program. With our Anti-Phishing Training Suite, you can utilize our unique Auto-Enrollment feature to automatically assign follow-up training to any user who clicks on a simulated phishing email.


  • Provides a variety of customizable email templates that address three key testing factors: attachments (.pdf, .doc, .docx, .xlsx, and .html), embedded links, and requests for personal data.
  • Automatically presents any employee who falls for a mock attack with a Teachable Moment (see below), which explains the situation and provides practical guidance and tips for future reference.
  • Allows administrators to deliver simulated attacks and Teachable Moments in more than 25 languages, which means you can assess your global employees in their native languages. (See our Multinational Support page for the full list of available languages.)
  • Includes our PhishAlarm® one-click email reporting tool. This email client add-in allows employees to report suspicious messages to your security and incident response teams with a single mouse click.
  • Supports our PhishAlarm Analyzer anti-phishing email analysis tool, which utilizes machine learning to prioritize emails reported via PhishAlarm and enables faster remediation of the most dangerous threats on your network.
  • Offers a Random Scheduling option, which spreads out the distribution of emails to minimize the impact to your email servers and IT helpdesk. This function also reduces the chances that employees will figure out — and discuss — the mock attacks, which helps to preserve the integrity of your assessment data.
  • Provides extensive analytics and reporting about employee responses to various attack scenarios. You’ll also know whether employees fell for an attack through a mobile phone, a tablet, or a computer; the browsers they were using; and their locations when they fell for the attack.
  • Offers an optional Weak Network Egress function, which can help detect data egress from users’ PCs and, as a result, allow security personnel to identify and modify security controls to reduce potential security threats.
  • Gives you the option to check for browser vulnerabilities, with the capability to flag out-of-date (and potentially vulnerable) third-party plug-ins on end-user PCs.
  • Gets employees thinking about best practices and how to respond to future threats.

See how ThreatSim works ›



Employees who fall for a ThreatSim simulated attack are automatically presented with an “intervention message.” You can route clicks to your own internal messaging or choose one of our customizable Teachable Moments. By utilizing “just-in-time teaching at the moment an employee interacts with a mock phishing email, you can explain what happened, outline the dangers associated with real attacks, and give practical advice about avoiding future traps.

We offer several formats — including static and animated landing pages, short videos, and interactive challenges — for our Teachable Moments and allow you to tailor the message as you see fit. A selection of static landing pages is available in more than 25 languages, which allows your global employees to view key messages in their native languages.


Training: The Next Step

Mock attacks are excellent standalone tools, but they are most effective when paired with interactive training. Our 10- to 15-minute standard modules and 5- to 7-minute mini-modules offer brief but focused training about the dangers associated with phishing attacks. Our education is based on proven Learning Science Principles that lengthen knowledge retention and drive behavior change.

Connecting the components of our Assess, Educate, Reinforce, Measure methodology can dramatically improve the efficacy of your security awareness and training program and further reduce your risks. Integration between mock attacks and education can increase completion rates five- to tenfold; our data has shown that employees who fall for mock attacks are up to 90% more likely to complete follow-up training. Our Anti-Phishing Training Suite links simulated attacks to education, allowing you to automatically deliver training to your most susceptible users. 

Read more about our Anti-Phishing Training Suite › 

Request a Demo

Looking for PhishGuru?