Simulated Phishing Attack and Staff Awareness Training Programme

SKU: 5644
Authors: IT Governance
Publishers: IT Governance
Format: Consultancy and eLearning
Published: 11 Nov 2020
Availability: Available now
  • Assess your staff’s awareness of phishing threats and mitigate the risk they pose to your business with this comprehensive solution.
  • This two-pronged approach of simulated attack and training your staff to spot phishing scams will enable you to address weaknesses in your cyber security.
  • Work with one of the leading penetration testing companies in the UK, offering one-to-one expert advice at any stage of the engagement.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our service centre team on +44 (0)333 800 7000.

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.

Identify and understand your staff’s awareness of phishing

Phishing attacks are quick and easy to implement and deliver an enormous return on investment, which has motivated criminals to create increasingly sophisticated and creative phishing ‘lures’.

These are often indistinguishable from genuine emails, text messages or phone calls; in general, affected users don’t report the compromise until it is too late, inflicting enormous damage on your organisation. Senior management need regular assurance that staff have been properly trained on how to spot phishing emails, and the only real way to achieve this is through a simulated phishing attack.

This service is entirely bespoke and will be crafted according to your needs. A typical engagement will comprise the following stages:

  1. Perform the phishing campaign
    1. Work with our consultant to identify the best type of attack to target your staff with, who you’d like to target and the key metrics you want to track.
    2. Once we understand your requirements, we will design and build the bespoke attack, which involves setting up a domain, creating an email template to mimic your own, building web pages, etc.
    3. We will compile the results of the test into a comprehensive report that highlights any weaknesses within your business.
  2. Perform staff training
    1. Our interactive e-learning course helps employees identify and understand phishing scams, explains what could happen should they fall victim, and shows them how they can mitigate the threat of an attack.

Our phishing campaign will be performed before and after training to track improvement.

At the end of the campaign, you will receive a comprehensive report broken down into:

 Executive summary

High-level, non-technical summary of vulnerabilities identified, your business’ risks, and comparison results.

 Assessment details

Detailed description of when the assessment was performed, the type of assessment and its objectives.

 Phishing template

Details of how the template was designed, what identifies it as a phishing email and supporting web pages.


Overview, consultant’s commentary and anonymised breakdown of the results.

This test will be performed using IT Governance’s proprietary security testing methodology, which is closely aligned with the SANS, OSSTMM (Open Source Security Testing Methodology Manual) and OWASP (Open Web Application Security Project) methodologies.

How this programme will help you

  • Quickly find out if there is an internal phishing awareness problem.
  • Determine which employees require additional phishing training – an effective way to change end-user behaviour.
  • Craft campaigns based on the experiences and threat analysis of our expert security testing team.

Who is this service for?

This service is suitable for organisations that want to understand their staff’s awareness levels or test the effectiveness of their phishing training.

How it works

What’s included in the Simulated Phishing Attack and Staff Awareness Training Programme?

Simulated phishing attack

This simulated phishing attack will establish whether your employees are vulnerable to phishing emails, enabling you to take immediate remedial action to improve your cyber security posture.

Our CREST-certified penetration testing team will perform a simulated phishing attack to determine your organisation’s current susceptibility to this type of attack, identifying the groups of users most at risk.

Phishing Challenge E-learning Game

Embed phishing knowledge quickly and effectively with this short, punchy ten-minute game to test your employees’ knowledge. It covers:

  • The dangers of clicking suspicious attachments in emails;
  • Spotting suspicious emails;
  • What to do when you have clicked a suspicious attachment; and
  • Reporting suspicious emails and cyber attacks.

Phishing Staff Awareness Training Programme

Teach staff how phishing attacks work, the tactics employed by cyber criminals and what to do when they’re targeted. The course covers:

  • What social engineering is;
  • How to identify social engineering attacks;
  • The consequences of a phishing attack;
  • How easy it is to fall victim;
  • How phishing attacks are orchestrated;
  • How to identify a phishing scam; and
  • Ground rules for avoiding phishing scams.

Why IT Governance?

  • Penetration tests should only be carried out by experienced consultants with the necessary technical skill set and qualifications. Our CREST-certified penetration testing experts have strong technical knowledge and a proven track record in finding security vulnerabilities. They can carry out exploits in a safe manner and advise on appropriate mitigation measures to ensure that your systems are secure.
  • Access technical expertise and get peace of mind, knowing that your wireless network has been reviewed by experienced testers in line with your business requirements.
  • For Azure clients, our penetration tests comply with the Microsoft Rules of Engagement. This means we take care to limit all penetration tests to your assets, thereby avoiding unintended consequences to your customers or your infrastructure.
