Phishing Simulation Programs

Abstract

A phishing simulation program (also commonly referred to as “self-phishing” or a phishing assessment program) is a customizable awareness program used by information security professionals in higher education and private industry. This highly effective training program, which is typically incorporated into an existing campus information security awareness program, allows organizations to simulate phishing e-mails, identify which end users are more susceptible to such targeted e-mail attacks, and engage in more focused training opportunities to help users recognize phishing attempts.

This document briefly explains the benefits and potential risks of deploying a phishing simulation program, and also includes a list of popular phishing simulation programs or tools to consider. Information security practitioners can use this resource to help gain executive-level support for phishing campaigns at their institution.

This document was updated in April 2019.
