Phishing Simulation Campaigns to Test Employees
Phishing is the most common form of social engineering attack. Around 90% of organisations experience targeted phishing attacks, and 22% of all breaches involve a phishing element.
- Reduce phishing risk
- Measure your training efficacy
- Avoid ransomware and spear phishing
Find out how Hut Six's Phishing Simulator can help you
What is Simulated Phishing Training?
Phishing simulation helps protect your organisation by training your employees to identify, avoid and report suspicious emails. Phishing your employees is a way to teach them about the tactics and techniques cyber criminals use to steal their personal information.
Attackers use phishing as a way to steal sensitive information such as logins, credit card numbers and identities. These attacks can be personalised through social media and deliver malicious payloads of malware, ransomware and spyware.
As phishing is a distressing and worrying crime, it is important that our simulated phishing is ethical. Rather than being used as a metric by which to punish employees, it needs to be an educational experience. Ethical phishing enables you to educate users about the threats they face without causing employees additional stress or worry.
Phishing simulation tests also provide you with insights into potential risks. Understanding your employees’ actions and measuring their progress helps you manage your email security risk.
How to Defend Against Phishing Attacks?
Network security systems, spam filters, email gateways and firewalls all play an important role in protecting an organisation from phishing threats. However, without informed and vigilant users these protections are never going to be a total solution to phishing scams.
Enabling staff to defend against phishing protects your organisation and ensures your technological security investments are worthwhile. It also provides individuals with skills that can be transferred into preventing cyber crime in their personal lives.
Reduce phishing risk
A single successful phishing attack can damage your organisation through lost time, revenue and client opinion. By measuring user interaction and educating people you can minimise the risks of clicking on dangerous emails, links and attachments. One of the key benefits of phishing training is encouraging employees to report phishing.
By launching simulated phishing campaigns, you can keep employees up-to-date and vigilant against the latest in phishing threats. With tell-tale malicious elements, you can record which of your people need further information security training.
Key Phishing Facts
94% of malware was delivered by email, although combined results from multiple security awareness vendors show click rates in simulated phishing going down to 3% from 25% in 2012.
77% of all UK workers have never received any form of information security training.
According to UK government research, in 2021, 83% of businesses experienced phishing attacks against their organisation.
Attacks are only getting more sophisticated. More than two-thirds (68%) of all phishing sites use SSL protection.
What makes Hut Six's Phishing Simulator different?
Creating a Simulated Attack
Hut Six simulated phishing tests specialise in three-stage attacks. These measure open rates, click rates and whether the user falls for the attack.
Simulated Phishing Emails
These templates mirror the most effective phishing tactics employed in real-world attacks. They use customisable attachments, images, HTML and user information, such as the user’s name and email address to test phishing susceptibility. Select from our range of custom security awareness email templates. Or you can design your own bespoke spear-phishing emails with our editor.
Custom phishing landing pages
The phishing landing page tests if the target is willing to divulge personal information to a potential attacker. This data is not stored or transmitted; the only information sent acknowledges that the user has completed the form.
Each phishing landing page is specific to the attack and adds to the realism of the campaign. These pages can mimic social media logins, file sharing sites, banking, email and other important digital services.
If a user is caught out by a simulated phishing attack, they are automatically taken to attack-specific training modules. The tutorial will explain how the user could have spotted that it was a phishing email or web page.
Specific phishing red flags
If a user successfully navigates the phishing emails they are congratulated at the end of the campaign. This phishing simulation test reinforces positive behaviour. It is important to clarify exactly what tactics the phishing scam was employing.
How to Use our Phishing Simulation Platform
Our flexible platform makes creating simulated phishing campaigns simple.
Target User Groups
Target different users and groups with attacks tailored to their behaviours and performance in past training. Adapt these groups as the campaign progresses to reactively train your organisation.
Schedule your campaign
Select the duration of the campaign and the times of day the phishing emails will be sent to your employees. Our system will then randomise delivery across your workforce.
Craft your Phishing Attacks
Choose from our range of phishing templates or create your own attacks to have the greatest impact for your particular organisation. Include attachments and links to gather more data.
Custom Phishing Editor
Customise your own simulated phishing attacks with our drag and drop editor and test your users against spear phishing. We developed this template creator to enable our clients to create their own custom phishing email templates. These cyber security awareness email templates each have a corresponding on-the-spot training page. Build your email attack with drag-and-drop text, personal information placeholders, and image and video elements in our simple graphical interface. The editor also accepts HTML uploads for particularly convincing real-world scams, such as those mimicking Office 365. These templates can then be scheduled and deployed in a phishing campaign alongside regular templates.
Measure Behaviour Change
With Hut Six’s learning management system (LMS), employers can assess and track the performance of staff in the campaigns. Hut Six’s comprehensive solution builds a security aware culture by focusing on achieving meaningful behaviour change. Our dashboard displays comprehensive metrics, including open rates, click-through rates, submissions and attack types, measured across different user groups. Exportable phishing simulation reports show learning outcomes from the campaigns and can inform improvement over time.
Anti phishing training program
Security awareness training is part of any anti-phishing strategy. Phishing simulation vendors' training solutions can vary in their sophistication and focus on education. We recommend using the phishing attack simulator to augment your training activities. By educating your staff regularly with interactive and engaging tutorials, you help to improve compliance and reduce the risk of a successful cyber attack. Hut Six delivers an ongoing security awareness training program that covers all aspects of information and cyber security.
Hut Six's Phishing Simulation Tool
Simulated Phishing Email Campaigns
Real-time reporting and exportable PDFs per campaign
Easily configurable phishing testing through the Hut Six wizard
Consistently updated phishing attack template library
Personal information placeholders allow you to simulate spear phishing at scale
Multi-stage attacks which test the user and "steal" personal information
Randomised email scheduling, automated accounting for time zones
On-the-spot training for users who fall victim to the phishing attack
Single Sign On (SSO), Active Directory Integration for user management
Accessible across browsers and mobile compatible
Phishing results reports across user groups and individuals
Analysis of phishing risk by attack template and attack type
Improved email security within your organisation
Change employee actions with simulated phishing campaigns
Assess employee response to cyber threats with customised phishing templates
Meet compliance obligations such as ISO27001, Cyber Essentials, GDPR
Help your security team manage phishing risk for your organisation
Interactive landing pages improve the realism and the learning experience
Concise on-the-spot training educates users at the crucial moment
All-in-one phishing simulation and training cybersecurity awareness reports
Track your phishing performance over time to see risk reduction
Automated setup reduces your workload in delivering phishing campaigns
Reinforce security training with tests in the real world
Demonstrate risk to your board and stakeholders with metrics
Our Successful Phishing Case Studies
Office for National Statistics
“Hut Six has been the most successful third-party security awareness platform we have used to date...”
Jamee Davies, Information Security Systems Manager
“The Hut Six team have been amazing in their understanding of our needs as a business...”
Nigel Barge, IT Infrastructure Operations Manager
“Hut Six removes the ‘boring’ from compliance without losing the importance of the message...”
Salvatore Baglieri, Head of Learning and Development
Ready to start building a secure culture within your organisation?
Start your Free Trial
Sign up for a free, 14-day trial. Experience the platform and show it to your team before making any decision with no payment details required.
Book a Meeting
Meet with one of our team for a walk through of our phishing email simulator and to help us gain an understanding of your security awareness requirements.