Phishing Simulation

Customized phishing security testing to help improve your controls.


Our team can simulate a phishing attack against your organization. The messages can be ‘standard’ ones, such as fake gift vouchers or login messages, or they can be complicated, involving multiple phases that attempt to deliver a payload or achieve other outcomes. The type and frequency of these simulations can be tailored to your organization’s specific needs.


A simulation tests employee security awareness, but also identifies the gaps in your controls. For example, if an employee clicks on a suspicious email, we can discover how the message got through your spam filter. If a payload can be delivered, we can find out where the gaps are in your endpoint security tools.


After discussion with the client to identify specific requirements, our team creates a customized assessment and uses our phishing infrastructure to conduct the test.

Depending upon the complexity, a simulation can range from a day or two to several weeks. If a payload is required, work will be done to develop this. Tests will be executed and results collected. Employees who click on the phish are directed to relevant information (e.g., a training video or a message about being phished).

We then provide clients with details on the results, including the structure of the phishing campaign and the number of users who clicked, along with recommendations for improvement.

Phishing Simulation FAQ

What is phishing?


Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

What are the objectives of phishing simulations?


The objectives of phishing simulations are two-fold: To test employee awareness of phishing attacks and their ability to identify them; and to identify gaps in an organization’s controls against phishing attacks.

How are phishing simulations conducted?


Phishing simulations are typically conducted via email, although other methods such as telephone and text message can also be used. The attacker will send a message to the target pretending to be from a legitimate institution, such as a bank or online retailer, and attempt to lure the target into providing sensitive information.

Are phishing simulations effective?


Yes. When done properly, phishing simulations are an effective way to test employees’ awareness of phishing attacks and their ability to identify them. They can also help to identify gaps in an organization’s controls against phishing attacks.

What are the benefits of phishing simulations?


The benefits of phishing simulations include:

  • Testing employee awareness of phishing attacks and their ability to identify them
  • Identifying gaps in an organization’s controls against phishing attacks
  • Providing employees with relevant training and information if they do fall for a phishing attack

What are the risks of phishing simulations?


The risks of phishing simulations include:

  • The possibility of employees becoming confused if they receive a phishing email that looks very similar to legitimate emails they usually receive
  • The possibility of employees clicking on a malicious link or attachment in a phishing email and infecting their computer with malware

Why work with OccamSec?


Our team of experienced cybersecurity professionals can help you assess your organization’s security posture and identify gaps in your defenses. We can also customize a phishing simulation to test your employees’ awareness of phishing attacks and your organization’s controls. Contact us today to learn more.