Simulated Phishing Attack and Staff Awareness Training Program

SKU: 5644
  • Assess your staff’s awareness of phishing threats and mitigate the risk they pose to your business with this comprehensive solution.
  • This two-pronged approach of simulated attack and training your staff to spot phishing scams will enable you to address weaknesses in your cybersecurity.
  • Work with a globally recognized penetration testing firm, offering one-to-one expert advice at any stage of the engagement.

Identify and understand your staff’s awareness of phishing

Phishing attacks are quick and easy to implement, and deliver an enormous return on investment, which has motivated criminals to create increasingly sophisticated and creative phishing ‘lures.’

These are often indistinguishable from genuine emails, text messages, or phone calls. In general, affected users don’t report the compromise until it is too late, which could inflict enormous damage on your organization. Senior managers need regular assurance that staff have been properly trained on how to spot phishing emails, and the only real way to achieve this is through a simulated phishing attack.

This service is entirely customized and will be crafted according to your needs. A typical engagement will comprise the following stages:

  1. Perform the phishing campaign
    1. Work with our consultant to identify the best type of attack to target your staff, who you’d like to target, and the key metrics you want to track.
    2. Once we understand your requirements, we will design and build the customized attack, which involves setting up a domain, creating an email template to mimic your own, building web pages, etc.
    3. We will compile the results of the test into a comprehensive report that highlights any weaknesses within your business.
  2. Perform staff training
    1. Our interactive e-learning course helps employees identify and understand phishing scams, explains what could happen should they fall victim, and shows them how they can mitigate the threat of an attack.

Our phishing campaign will be performed before and after training to track improvement.

At the end of the campaign, you will receive a comprehensive report broken down into:

 Executive summary

High-level, non-technical summary of vulnerabilities identified, your business’ risks, and comparison results.

 Assessment details

Detailed description of when the assessment was performed, the type of assessment, and its objectives.

 Phishing template

Details of how the template was designed, what identifies it as a phishing email, and supporting web pages.


Overview, consultant’s commentary, and anonymized breakdown of the results.


This test will be performed using IT Governance’s proprietary security testing methodology, which is closely aligned with the SANS, OSSTMM (Open Source Security Testing Methodology Manual), and OWASP (Open Web Application Security Project) methodologies.

How this program will help you

  • Quickly find out if there is an internal phishing awareness problem
  • Determine which employees require additional phishing training – an effective way to change end-user behavior
  • Craft campaigns based on our expert security testing team's experience and threat analysis

Who is this service for?

This service is suitable for organizations that want to understand their staff’s awareness levels or test the effectiveness of their phishing training.

How it works

What’s included in the Simulated Phishing Attack and Staff Awareness Training Program?

Simulated phishing attack

This simulated phishing attack will establish whether your employees are vulnerable to phishing emails, enabling you to take immediate remedial action to improve your cybersecurity posture.

Our CREST-certified penetration testing team will perform a simulated phishing attack to determine your organization’s current susceptibility to this type of attack, identifying the groups of users most at risk.

Phishing Challenge E-learning Game

Embed phishing knowledge quickly and effectively with this short, punchy ten-minute game to test your employees’ knowledge. It covers:

  • The dangers of clicking suspicious attachments in emails
  • Spotting suspicious emails
  • What to do when you have clicked a suspicious attachment
  • Reporting suspicious emails and cyber attacks

Phishing Staff Awareness E-Learning Course

Teach staff how phishing attacks work, the tactics employed by cyber criminals, and what to do when they’re targeted. The course covers:

  • What social engineering is
  • How to identify social engineering attacks
  • The consequences of a phishing attack
  • How easy it is to fall victim
  • How phishing attacks are orchestrated
  • How to identify a phishing scam
  • Ground rules for avoiding phishing scams
Why IT Governance USA?

  • Our CREST-certified penetration testing team will provide you with clarity and technical expertise, as well as peace of mind knowing that your external infrastructure has been reviewed by experienced testers in line with your business requirements.
  • Get one-to-one expert advice at any stage of the engagement, along with an end-of-test debrief and answers to queries following the issue of the report.
  • Our detailed reports describe any identified business risks from both technical and non-technical perspectives.
  • Our established and experienced penetration testing team has been operational since 2010, amassing extensive testing experience that ensures clients receive a comprehensive service.
