How to Run a Phishing Test on Your Employees

Is your company safe from phishing attacks? There are two ways to find out: either through a pre-planned simulation or an actual event. In this article, we’ll show you how to run a phishing test on your employees that will let you know how vulnerable you are before it’s too late.


To find out how vigilant your employees are against various forms of phishing attacks, InfoSec Institute has created the SecurityIQ platform and its application PhishSim. PhishSim, as the name implies, is a simulator that sends out phony phishing emails. However, instead of containing a link to a malicious website or virus, these emails send anyone who clicks the link to a landing page that informs them of their error. This landing page can be customized and branded to your company.

Email Templates

PhishSim makes it very easy to run a test on your employees. We have an Email Template Library that covers a wide range of standard phishing messages. These include templates created by InfoSec Institute as well as those from our user base. They are grouped into categories such as Banking, Corporate Communications, and even Highest Phish Rate.

The templates all include information such as Difficulty, Open Rate and Phish Rate. You can select an email template that suits your company as-is, or you can duplicate it and modify it as you see fit. You can also select New Template to create your own.

A few of the Banking Templates

Additionally, there are Data Entry Templates, which simulate login pages for services such as bank or email accounts. These can be used with Email Templates for a more sophisticated phishing simulation.


Paired with the phishing emails are Educations – a landing page with a message to anyone that clicks on the link, informing them that they have (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Stephen Moramarco. Read the original post at: