image description

Simulated Phishing

Reinforce training through simulated phishing attacks

Reinforce training with continous mock phishing tests

Hackers are bypassing traditional perimeter security and going after the weak link – your users. They need to be trained and then tested to reinforce what they have learnt and to keep them on their toes, keeping security top of mind.

Bait and Phish offers administrators an easy to use, intuitive portal to create campaigns to test your users with real life phishing emails.

Campaigns can be set to target all of your users or a sub-group, for instance your Accounting department. They can be a one time campaign or continous, which we recommend to reinforce consistent behaviour. You can also select an individual template, group of templates or a random template for each user..

If your users click on one of these mock phishing emails they will be sent to a landing page which will provide them with a quick training message and will track and record who clicked the message so you can follow up with more training if necessary.

Our phishing reports will tell you who is clicking on emails, what they have clicked on and on ongoing campaigns you will see the number of people clicking going down over time.

Simulated Phishing Attacks

Why use our simulated phishing tool?


Changing behviour requires frequent testing. Schedule and ongoing campaign to test your users with real life mock phishing emails. We recommend you set this for every two weeks.


Your phishing campaigns can use multiple templates with a random one going to each user. They can also be scheduled to deliver the emails over a number of days. This largely prevents people discussing the email and warning their colleagues to watch out for it, as well as minimizing the load on your email servers and the amount of calls to your helpdesk.


We have hundreds of ready-to-use real life phishing templates to use. These are added to on a regular basis to keep up with current events and trends. You can also easily create your own using our intuitive WYSIWYG.


What happens when a user clicks on a link? You can assign them a variety of landing pages which have a brief teaching message. Users presented with immediate feedback on point of failure are much more willing to take notice which further reinforces future behaviour.

Sign Up

More Features Of Our Phishing Service

Custom Campaigns

Create phishing campaigns or tests that target one or more individuals, groups you define (eg your HR department) or your entire user base. You have the option using a single template, group of templates or a random template choice.

Custom Phishing Templates

Apart from the hundreds of easy-to-use existing templates, you can customize scenarios based on personal information, creating targeted spear-phishing campaigns, which replace fields with personalized data.

Direct to Training

If users click on the simulated phishing email they can be redirected to a choice of landing pages with an education message and/or you can assign them an instant remedial training module.

Instant Notifications

Anytime a employee clicks a phishing link you can be notifited immediatly by email to begin coaching.


View detailed records and charts of all activities including progress of users, campaings and all click events. You will also know whether employees fell for an attack through a mobile phone, a tablet, or a computer; the browsers they were using; and their locations when they fell for the attack.

Schedule Campaigns

Administrators can schedule your phishing tests for one-time, weekly, bi-weekly or monthly attacks. Our recommendation is to schedule regular (every 2 weeks) tests to your entire user base to keep them on their toes and to re-inforce best practices when dealing with phishing attacks.