Measure, sensitize and educate

Phishing test and simulations

  From a wake-up call for everyone to targeted spear phishing or social engineering attacks

  Suitable for almost any company size

  Perfectly combinable with IS-FOX e-learning

 

Discover content now

 

1

2.000+ customers place their trust in us, from startups to large companies

Not just another phishing tool provider

Actual security awareness

There are countless providers of phishing simulation software these days. They all claim that if you use their software, you have everything you need. We see things differently. Security awareness is much more than just a regular phishing email followed by a short learning session.

  • Continuous phishing tests do address an important attack vector. But only one.
  • We see phishing simulations as one of many measures in a comprehensive security awareness campaign.
  • If you still "only" want to do a little phishing, we will of course do that too, even if it means losing some momentum.

The perfect addition for security awareness

Combine phishing simulations with a full-on e-learning or live event

Phishing simulations can be very useful as a "communicating element" for other awareness measures, e.g.

  • As a wake-up call at the start of a security awareness campaign.
  • As an invitation to a cyber security e-learning course, a (virtual) live event or an on-site security day.
  • To communicate new reporting channels for cyber incidents.
  • To communicate the new security intranet.

For successful security awareness, various measures are combined for a comprehensive campaign. We have a great deal of expertise in this area and are happy to show you what's possible.

Discover our e-learnings    Let's talk

 

Security Awareness Kampagnen Schulungen E-Learning Live Events
IS-FOX Logo Fuchs ohne Text

More than just a phishing tool

Full-service phishing simulations and true awareness

Consultation

What, who, why, when?

We define the objectives of the phishing simulation together:

  • Who do you want to test? All employees or only certain groups? Regions? Departments?
  • How often? Monthly? Quarterly? Annually?
  • Why? As a wake-up call for everyone or rather as continuous training? Or both?
  • What granularity should the evaluations have? At department level? Or by country?
  • How many resources/know-how do you have in-house? Do you also want to provide your own services?

We also advise you on the technical and legal advantages and disadvantages of various concepts and work with you to develop a viable concept within a few hours.

Tool selection

A fool with a tool is still a fool

Grady Booch, Software Engineer


In the second step, we recommend the most suitable tool according to the conceptual parameters.

GoPhish

The open source software GoPhish is simple and inexpensive. Ideally suited for “classic” phishing simulations, such as clicking a link, entering a password or executing an attachment - including QR code phishing. We can easily carry out 2 to 5 phishing simulations per year, even for tens of thousands of recipients.

Gophish Phishing Dashboard IS-FOX Phishing Test Simulation

 

Cyberdise

If the simulations are to be randomly distributed throughout the year, we use this professional phishing simulation software from Switzerland. Distribute different scenarios throughout the year, QR code phishing, etc. Anything is possible, nothing's mandatory.  

Cyberdise Dashboard IS-FOX Phishing Test Simulation
Scenario selection

Not too easy, not too hard

We select the most suitable scenarios together. We use our numerous best-practice scenarios or create individual scenarios for you.

Phishing Szenario Office 365 Test Simulation


We adapt the phishing email, the landing page and the resolution page visually and in terms of content to your company and the specific target groups.

And we make sure that the scenarios are realistic, coherent, yet recognizable - otherwise phishing simulations create exactly the opposite of what we actually intent.

Implementation

All-in-one service

We create the phishing server including the phishing simulation software. We integrate the chosen scenarios, register the required domains and test the technical functionality.

On the customer side, you only need to ensure once that emails are received (“whitelisting”) and that the simulation is not blocked. We have extensive information on whitelisting on our support pages.

After a final test, we send the emails to the defined target groups at the agreed times and monitor the process.

At the end, you will receive an (usually anonymized) evaluation of the “success” of each measure in a professional report, with graphics and benchmarks: how many emails were sent, how many were opened, how many people clicked, how much data was entered. Additional filters (country, region, department) can be defined on request.
 

IS-FOX Phishing Report Test Simulation

 

Integration

Telling a whole story

We ensure that the phishing campaign is integrated into the existing or planned awareness communication in the best possible way.

Security Awareness Kampagnen Schulungen E-Learning Live Events

 

Because phishing simulations have a lot of value besides just training for phishing specifically. If possible, we should not let this momentum go to waste. 

The right phishing test for everyone
From a one-time wake-up call to continuous simulations.

Single campaign

Let's just go phishing. 

Select your package, define your scenario, whitelist our emails and you're good to go! We offer a full service - with established best-practice scenarios and learning units and without any expensive annual software fees.

Let's talk 

Schulung für alle Unternehmensgrößen

Individual phishing

Tailored to your needs. 

Do you want to test continuously? Target specific groups? Simulate certain scenarios or convey certain messages? In combination with a live event, e-learning or as part of an awareness campaign? 

Get advice now

Why use phishing simulations by IS-FOX?
Because we are security specialists, not just a tool provider.
Security Specialist


Phishing with experts

Our security consultants, incident response specialists and social engineers know which attacks are successful in real life. That's why our scenarios are very realistic and not just “clumsy attempts” using the same senders every time.

Awareness Specialist


Added value through communication

Phishing simulations are an excellent communication tool for conveying security messages if they are intelligently embedded in security awareness measures. Phishing simulations alone only reduce a single risk. 

Flexible solutions


All-in-one service

We don't just want to sell you “that one software”, but always choose the solution that best suits our customers' needs. Sometimes this is simulation software, but often it is not. This is not only efficient, but also easy on the wallet.

We define a campaign as the creation and execution of a phishing simulation with a specific scenario to a specific target group on a specific day, for example the execution of the “Microsoft Teams invitation” phishing simulation to all employees worldwide on May 5.

The scenario is the respective “phishing scam” used in a campaign, for example “Microsoft Teams invitation” with user name and password input.

We create a dedicated phishing server including the phishing simulation software. We integrate the selected scenarios, register the required domains and test the technical functionality.

You only have to ensure once that the IP address is not blocked (“whitelisting”) and that the emails are accepted and delivered by your email server.

You send us the e-mail addresses of the recipients, including any evaluation parameters (location, department, etc.). After coordination, we send the e-mails to the defined target groups at the agreed times and monitor the process.

At the end, there is a (usually) anonymized evaluation of the “success” of the measures: How many emails were sent, how many were opened, how many people clicked, how much data was entered. Additional filters (country, region, department) can be defined on request.

For more detailed evaluations, we send the results in the form of an Excel file, which can then be further analyzed and pivoted.

Our credo: We don't want to investigate the misconduct of individuals, but rather sensitize users to the dangers of phishing attacks.

That's why our standard is: we know, our clients don't.

In order to be able to correctly evaluate click rates, phishing simulations generate individual emails with individual links. This means that clicks are recorded on a user basis.

Unless explicitly agreed otherwise with the customer, we do not provide access to the backend system, but aggregate the data into anonymous statistics and transmit these as part of the evaluation. Rough filters (e.g. by department, region or language) are of course still possible. We do not normally pass on any information that could be used to infer the behavior of a single individual. 

No! We ensure that in all simulations that require passwords to be entered, these do not leave the user's end device. We do not transmit any passwords entered. 

Of course. German security specialist, German data center.

We process email addresses and names in a phishing test. Although this information is associated with a low risk of damage in a data protection risk assessment, we naturally conclude a contract for order processing in accordance with the EU GDPR. The individual results of a phishing simulation are deleted after creation and transmission of the evaluation of the respective campaign.