Phishing Simulation Campaigns to Test Employees

Phishing is the most common form of social engineering attack. Around 90% of organisations experiencing targeted phishing attacks, and 22% of all breaches involving a phishing element.

  • Reduce phishing risk
  • Measure your training efficacy
  • Avoid ransomware and spear phishing

Find out how Hut Six's Phishing Simulator can help you

Employee completes anti phishing training

What is Simulated Phishing Training?

Phishing simulation helps protect your organisation by training your employees to identify, avoid and report suspicious emails. Phishing your employees is a way to teach them about the tactics and techniques cyber criminals use to steal their personal information.

Attackers use phishing as a way to steal sensitive information such as logins, credit card numbers and identities. These attacks can be personalised through social media and deliver malicious payloads of malware, ransomware and spyware.

Ethical Phishing

As phishing is a distressing and worrying crime it is important that our simulated phishing is ethical. Rather than being used as a metric by which to punish employees, it needs to be an educational experience. Ethical phishing enables you educate users about the threats they face without causing additional stress or worry on behalf of the employees.

Phishing simulation tests also provides you with insights into potential risks. Understanding your employees’ actions and measuring their progress helps you manage your email security risk.

Employee considers different example phishing threats

How to Defend Against Phishing Attacks?

Network security systems, spam filters, email gateways and firewalls all play an important role in protecting an organisation from phishing threats. However, without informed and vigilant users these protections are never going to be a total solution to phishing scams.

Enabling staff to defend against phishing protects your organisation and ensures your technological security investments are worthwhile. It also provides individuals with skills that can be transferred into preventing cyber crime their personal lives.

Reduce phishing risk

A single successful phishing attack can damage your organisation through lost time, revenue and client opinion. By measuring user interaction and educating people you can minimise the risks of clicking on dangerous emails, links and attachments. One of the key benefits of phishing training is encouraging employees to report phishing.

By launching simulated phishing campaigns, you can keep employees up-to-date and vigilant against the latest in phishing threats. With tell-tale malicious elements, you can record which of your people need further information security training.

Reduce the risk of phishing attack over time with simulated emails

Key Phishing Facts

Pervasive Malware

94% of malware was delivered by email. Although from the combined results of multiple security awareness vendors click rates in simulated phishing are going down to 3% from 25% in 2012.

Verizon DBIR

Insufficient Training

77% of all UK workers have never received any form of information security training.

Centrify PAM Survey

Widespread Phishing

According to UK government research, in 2021, 83% of businesses experienced phishing attacks against their organisation.

UK Government CSBS 2021

Attacks are only getting more sophisticated. More than two-thirds (68%) of all phishing sites use SSL protection.

What makes Hut Six's Phishing Simulator different?

Creating a Simulated Attack

Hut Six simulated phishing tests specialise in three stage attacks. These measure open rates, click rates and whether the user falls for the attack.

Simulated Phishing Emails

These templates mirror the most effective phishing tactics employed in real-world attacks. They use customisable attachments, images, HTML and user information, such as the user’s name and email address to test phishing susceptibility. Select from our range of custom security awareness email templates. Or you can design your own bespoke spear-phishing emails with our editor.

Multiple phishing templates to choose from within the Hut Six platform

Custom phishing landing pages

The phishing landing page tests if the target is willing to divulge personal information to a potential attacker. This data is not be stored or transmitted; the only information sent acknowledges that the user had completed the form.

"Malicious" Websites

Each phishing landing page is specific to the attack and adds to the realism of the campaign. These pages can mimic social media logins, file sharing sites, banking, email and other important digital services.

Malicious phishing website offering fake antivirus software

Point-in-time Training

If a user is caught out by a simulated phishing attack, they are automatically taken to attack specific training modules. The tutorial will explain how the user could have spotted that it was a phishing email/web-page.

Specific phishing red flags

If a user successfully navigates the phishing emails they are congratulated at the end of the campaign. This phishing simulation test reinforces positive behaviour. It is important to clarify exactly what tactics the phishing scam was employing.

Anti phishing training showing red flags on the indicators in the email

How to Use our Phishing Simulation Platform

Our flexible platform makes creating simulated phishing campaigns simple.

Organisational chart icon

Target User Groups

Target different users and groups with attacks tailored to their behaviours and performance in past training. Adapt these groups as the campaign progresses to reactively train your organisation.

Calendar icon

Schedule your campaign

Select the duration of the campaign and the times of day the phishing emails will be sent to your employees. Our system will then randomise delivery across your workforce.

Simulated phishing represented with a fishing hook icon

Craft your Phishing Attacks

Choose from our range of phishing templates or create your own attacks to have the greatest impact for your particular organisation. Include attachments and links to gather more data.

Editable phishing templates icon

Custom Phishing Editor

Customise your own simulated phishing attacks with our drag and drop editor and test your users against spear phishing. We developed this template creator to enable our clients to create their own custom phishing email templates. These cyber security awareness email templates each have a corresponding on-the-spot training page. Build your email attack with drag and drop text, personal information placeholders, image and video elements with our simple graphical interface. The editor also accepts html uploads for particularly convincing real world scams. Such as mimicking office 365. These templates can then be scheduled and deployed in a phishing campaign alongside regular templates.

Measure Behaviour Change

With Hut Six’s learning management system (LMS), employers can assess and track the performance of staff in the campaigns. Hut Six’s comprehensive solution builds a security aware culture by focusing on achieving meaningful behaviour change. Our dashboard displays comprehensive metrics, including open rates, click through rates, submissions and attack types, are measured across different user groups. Exportable phishing simulation reports show learning outcomes from the campaigns and can inform improvement over time.

Phishing campaign report showing user susceptibility to a particular template

Anti phishing training program

Security awareness training is part of any anti phishing strategy. Phishing simulation vendors' training solutions can vary in their sophistication and focus on education. We recommend using the phishing attack simulator to augment your training activities. By educating your staff regularly with interactive and engaging tutorials, you help to improve compliance, reduce the risk of successful cyber attack. Hut Six delivers an ongoing security awareness training program that covers all aspects of information and cyber security.

Security awareness training to accompany your phishing campaigns

Ready to start building a secure culture within your organisation?

Start trial icon

Start your Free Trial

Sign up for a free, 14-day trial. Experience the platform and show it to your team before making any decision with no payment details required.

Start Now

Calendar icon

Book a Meeting

Meet with one of our team for a walk through of our phishing email simulator and to help us gain an understanding of your security awareness requirements.

Pick a Time

Our Successful Phishing Case Studies

Office for National Security Logo

Office for National Statistics

“Hut Six has been the most successful third-party security awareness platform we have used to date...”

Jamee Davies, Information Security Systems Manager

Hut Six's Phishing Simulation Tool


  • Real-time reporting and exportable pdfs per campaign

  • Easily configurable phishing testing through the Hut Six wizard

  • Consistently updated phishing attack template library

  • Personal information placeholders allow you to simulate spear phishing at scale

  • Multi-stage attacks which test the user and "steal" personal information

  • Randomised email scheduling, automated accounting for time zones

  • On-the-spot training for users who fall victim to the phishing attack

  • Single Sign On (SSO), Active Directory Integration for user management

  • Accessible across browsers and mobile compatible

  • Phishing results reports across user groups and individuals

  • Analysis of phishing risk by attack template and attack type


  • Improved email security within your organisation

  • Change employee actions with simulated phishing campaigns

  • Assess employee response to cyber threats with customised phishing templates

  • Meet compliance obligations such as ISO27001, Cyber Essentials, GDPR

  • Help your security team manage phishing risk for your organisation

  • Interactive landing pages improve the realism and the learning experience

  • Concise on-the-spot training educates users at the crucial moment

  • All-in-one phishing simulation and training cybersecurity awareness reports

  • Track your phishing performance over time to see risk reduction

  • Automated setup reduces your workload in delivering phishing campaigns

  • Reinforce security training with tests in the real world

  • Demonstrate risk to your board and stakeholders with metrics

  • Latest Blogs

    What is Business Email Compromise (BEC)?

    What is Business Email Compromise (BEC)?

    Mastering Business Email Compromise (BEC): the ultimate guide to defending your organisation. Discover key attack strategies and proven defence tactics. Safeguard your business today.

    AI and the Future of Spear Phishing

    AI and the Future of Spear Phishing

    Uncover the future of cybercrime. Explore how AI will revolutionises spear phishing, posing new threats to cybersecurity. Learn how to defend against these advanced attacks.

    A Guide to AI Security Policy

    A Guide to AI Security Policy

    Delaying the implementation of an AI security policy is akin to leaving the door wide open for potential threats. Without adequate safeguards in place, sensitive information may be compromised, leading to regulatory non-compliance, legal ramifications, and loss of consumer trust.

    Artificial Intelligence and Employee Security Training

    Artificial Intelligence and Employee Security Training

    There many reasons employees need AI security training, including mitigating emerging risks, protecting your organisations reputation, and avoiding non-compliance related fines/financial damage.

    Speak to us about your Cyber Awareness