PhishPlease
Log InStart Free Trial

Set up in one afternoon. Your first campaign goes out today.

PhishPlease is built for companies that don't have a security team. If you can send an email, you can run a phishing simulation.

Setup walkthrough

1. Add your team

Two options: upload a CSV with employee names, emails, and departments, or connect Google Workspace for automatic sync. Both take under 10 minutes.

Organize by department if you want to target specific groups. PhishPlease tracks results per department so you can see which teams need the most help.

2. Pick a campaign template

Choose from phishing templates modeled on real attacks. Each one has been tested on real employees and refined based on actual click data.

Customize the sender name, subject line, and content if you want. Or use the template as-is — they work out of the box.

3. Schedule and send

Pick a date range, set time windows, choose whether to include weekends. Or send immediately. PhishPlease staggers delivery so emails don't all arrive at once.

Target all employees, specific departments, or individual people. Most first campaigns go to everyone — it establishes your baseline click rate.

What happens during a campaign

The employee receives a simulated phishing email

It looks like a real email — a password reset from Microsoft, an invoice from a vendor, an urgent request from the CEO. The employee doesn't know it's a test.

If they report it

They get positive reinforcement — they caught it. This builds the habit of reporting suspicious emails, which is what you actually want.

If they click

They're redirected to a brief educational page explaining what they missed and what to look for. They're automatically enrolled in targeted training relevant to the attack type they fell for.

You see everything in your dashboard

Who opened the email. Who clicked. Who reported. Who submitted credentials. Broken down by department, by employee, by campaign. All in real time.

Templates that catch real people

Every template is modeled on attacks that actually work. These are the emails your team will fall for.

Microsoft 365 password reset

The #1 phishing template by click rate. Everyone has a Microsoft account.

Vendor invoice overdue

Finance teams click this consistently. Looks exactly like a real invoice notification.

CEO urgent wire request

Tests whether employees verify unusual requests through a second channel.

IT support: security update required

Exploits trust in the IT department. High click rates across all company sizes.

Shared document notification

Google Docs or Dropbox sharing alerts. Employees click without thinking.

Shipping notification

Package delivery tracking links. Especially effective around holidays.

Plus custom template builder — create simulations specific to your industry or vendors.

Automated training for employees who click

When someone clicks a phishing simulation, they don't just get flagged — they get trained. The training is brief, relevant, and matched to the specific attack they fell for.

7-level progressive training program:

Level 1: Obvious red flags — lottery scams, generic phishing

Level 2: Polished fakes — colleague impersonation, lookalike domains

Level 3: Targeted attacks — IT impersonation, invoice fraud

Level 4: Cloud service attacks — Microsoft 365, DocuSign, Dropbox

Level 5: Executive fraud — CEO impersonation, vendor compromise

Level 6: Multi-channel threats — SMS phishing, voice phishing, QR codes

Level 7: Incident response — what to do when you suspect an attack

Each level includes real examples, a quiz, and takes 10-15 minutes. Employees complete them at their own pace. You see completion rates in your dashboard.

Reporting and analytics

Your dashboard shows everything you need to track your team's improvement and generate reports for stakeholders or insurers.

Click rates by campaign

See which templates caught the most people and how rates change over time.

Department breakdown

Which teams are most vulnerable? Target them with additional campaigns.

Employee progress

Individual click history, training completion, improvement trajectory.

Trend lines

Organization-wide click rate over time. The number that matters most.

Every report exports to PDF. Attach it to insurance renewals, share it with your board, or keep it for your own records.

Beyond email: text and voice phishing

Email is where most attacks start, so PhishPlease focuses there first. But attackers also use text messages and phone calls, and your team should be ready for those too.

Text/SMS phishing (included)

16 SMS templates: fake delivery notifications, bank alerts, MFA bypass attempts, urgent action requests. Employees who are cautious about email often click text links without a second thought.

Included in your plan. Add it when you're ready.

Voice phishing (add-on)

12 voice scenarios using AI-generated calls: IT support scams, executive impersonation, vendor payment requests. Tests how your team responds under live pressure.

Available as an add-on for full-channel coverage.

See it yourself.

14-day free trial. Full access. No credit card. Your first campaign goes out today.

Start free trial