Skip to content
Phishing Simulation

Phishing simulations that change behaviour.

Realistic campaigns from current attack patterns — with on-click coaching at the moment of the click and audit-grade reporting.

Demo buchen →
How a campaign runs

Four steps from setup to report.

A simulation runs fully automated — from configuration through to the learning moment.

  1. 01 · Configure

    Choose audiences & templates

    Select target groups, languages, and industry templates. Use your own sender domain or ours.

  2. 02 · Send

    Staggered delivery

    Via your own or our sender domain, time-staggered to bypass spam filters and simulate realistic conditions.

  3. 03 · Learning moment

    On-click coaching

    Anyone who clicks immediately sees a learning card with the explanation — at the right moment, without shaming.

  4. 04 · Reporting

    Click rates & risk clusters

    Click rates, risk clusters, trend vs. previous quarter — exportable as PDF and CSV.

Template gallery

Scenarios from real-world attacks.

All templates are based on documented attack patterns. Risk levels: Red = high, Orange = medium, Yellow = low.

Risk: High

Microsoft 365 — Account locked

Fake Microsoft notification with urgency language and spoofed branding.

Risk: Medium

DHL — Parcel waiting

Parcel notification with a fake tracking link for credential harvesting.

Risk: Medium

PayPal — Authorise payment

Urgent payment request with a login phishing page.

Risk: Medium

HR — Bonus payout

Internal HR notice requesting bank details update for salary payment.

Risk: High

CEO call (BEC)

Business email compromise: urgent wire transfer request in the name of management.

Risk: High

QR code at reception (quishing)

Physical QR-code attack — a new attack pattern with a high success rate.

Integration with your stack

No silos, no duplicate work.

We integrate with the security infrastructure you already run.

Microsoft

Microsoft 365 & Defender

Native allowlisting via Defender for Office 365, campaign results visible in the Defender console.

Google

Google Workspace (Gmail)

Allowlists via Google Admin Console, reports available as Drive export.

Cisco

Cisco Email Security

Bypass rules for simulation, incidents can be integrated into the Cisco SecureX dashboard.

BSI

BSI-CERT reporting

Reports in BSI-compatible format for ORP.3 evidence and reporting obligations.

FAQ

Three questions customers often ask.

+Do simulations demotivate employees?

No — when done right. Our approach focuses on learning without blame: anyone who clicks sees a neutral learning card. No names in reports, no sanctions. Studies show this approach sustainably reduces click rates.

+Do we need to involve our IT department?

Minimally. We need an allowlist entry in your email gateway and a rule for our sender domain. This typically takes under an hour. SSO integration (Azure AD, Okta) is optional but recommended.

+How often should we simulate?

At least four times per year — once per quarter — to track the trend. More intensive programmes (monthly) typically show 40–60% lower click rates after six months.

Ready to take awareness seriously?

30-minute demo. We'll show you a real phishing campaign, a quarterly report, and the NIS2 mapping — for your industry.

Book a demoContact us
Phishing Simulation — Awareness-as-a-Service