Frequently asked questions
Straight answers to the questions we hear most.
For companies that have never done phishing training
Do I even need phishing training? We're only 25 people.
Attackers don't filter by company size. Phishing emails go out by the millions. Your 25 employees get the same emails as a 25,000-person bank. The difference is your team probably hasn't been trained to recognize them. 43% of cyberattacks target small businesses specifically because they're less prepared.
We've never had a security incident. Why start now?
You probably have — you just don't know it. Most credential theft is silent. The attacker gets a password, logs in, and watches for weeks before acting. They read emails, learn your processes, and wait for the right moment. Phishing training helps your team catch these before they become six-figure problems.
I don't have an IT department. Can I run this?
That's who we built this for. If you can upload a spreadsheet and click a few buttons, you can run PhishPlease. Setup takes one afternoon. Everything after that is automated — campaigns send on schedule, training triggers when someone clicks, reports generate themselves.
Won't my employees think I'm trying to trick them?
They might, the first time. After a few campaigns, they'll start catching the simulations — and they'll start catching real phishing emails too. Most employees end up appreciating it once they realize it's making them sharper. The key is framing it as training, not punishment. PhishPlease is designed to teach, not embarrass.
I only have 12 employees. Is this worth it?
One employee clicking a real phishing email can cost an SMB $50,000+. At $20/month (the minimum for small teams), PhishPlease costs less than a single compromised password. You'd insure a $50,000 asset for $240/year without thinking twice.
How long before we see results?
Your first campaign will establish a baseline click rate — usually 25-35% for untrained teams. By month 3, most PhishPlease customers see that rate drop below 10%. The improvement is measurable and visible in your dashboard from the first campaign.
For companies evaluating the product
Will my employees be annoyed?
Yes, at first. That's normal. The simulations are designed to teach, not embarrass. Employees who click get brief, relevant training — not a lecture. After a few rounds, most people appreciate it. The goal is behavior change, not gotcha moments.
Does this actually satisfy my insurer?
We generate exportable PDF reports showing simulation frequency, employee participation, click rates, and training completion. These are the metrics insurers ask for. You can attach them directly to your renewal application or email them to your broker.
How is this different from KnowBe4?
KnowBe4 is built for enterprises with security teams and budgets to match — $19-33 per seat per month with annual contracts. PhishPlease costs $1 per employee per month with no contract. We focus on the features SMBs actually use: realistic simulations, automated training, and compliance reporting. If you have 500+ employees and a security team, KnowBe4 is probably a better fit. If you have 15-200 employees and need this done by one person, we're what you're looking for.
What if nobody clicks?
Then your team is sharper than average — most first campaigns see 25-35% click rates. If your rate is low, we'll increase difficulty automatically so the simulations stay realistic. The goal is to keep your team challenged, not to generate failures.
Can employees tell it's a test?
That's the whole point. Our templates are modeled on real attacks — they're designed to be convincing. Employees who learn to spot our simulations will spot real ones. If everyone catches every simulation immediately, we increase the difficulty.
What about text/SMS phishing?
Included in your plan at no extra cost. 16 SMS templates covering fake delivery notifications, bank alerts, MFA bypass attempts, and urgent requests. Email is where most attacks start, so we focus there first. Add text campaigns when you're ready. Voice phishing is also available as an add-on for full coverage.
What's the guarantee?
If you experience a successful phishing attack while actively using PhishPlease (running regular campaigns and training), we refund your last 3 months. No other phishing training platform offers this. We can afford to because the product works.
Can I cancel anytime?
Yes. Month-to-month billing, no annual contract, no cancellation fee. Cancel from your dashboard. Your data stays accessible for 30 days so you can export reports.
Still have a question?
We respond within 24 hours. Or start your free trial — the trial is the demo.