Skip to Main Content
Learn for less: Save 10% on high-quality foundation and auditor training. Find out more
Simulated Phishing Attack

Simulated Phishing Attack

SKU: 4451
Format: Penetration test

This Simulated Phishing Attack will establish whether your employees are vulnerable to phishing emails, enabling you to take immediate remedial action to improve your cyber security posture. 

This test simulates a real-world phishing attack on up to 1,200 of your employees. Book your test today.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our training sales team on +44 (0)333 800 7000.

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.Enquire about this service

How would your staff respond to a phishing attack?

This service assesses your staff’s awareness of phishing threats by simulating phishing emails that can range from unsophisticated to a highly targeted campaign. We will capture a wide range of statistics to help evaluate your employees’ awareness. These will be detailed in a report that also identifies business and technical risk, and advises on how to improve staff awareness.

Entirely bespoke to your needs, this test will allow you to define:

  • The type of attack you wish to deploy to your employees;
  • Who the targets should be; and
  • What metrics you would like to measure.

We will design and build the attack based on your requirements. This usually involves setting up a domain from which to send the phishing email, which may be designed to closely resemble one of your own domains, developing a template to mimic your organisation’s email templates or those of trusted suppliers, building web pages for phishing emails to direct to, and so on.

Download the full service description

Your comprehensive report will include:

At the end of the test, you will receive a comprehensive report broken down into:

Executive summary

High-level, non-technical summary of your business’s risks.

Assessment details

When the assessment was performed, the type of assessment, the scope of the assessment and the assessment objectives.

Phishing template

Details of the template and landing page used, how it was designed and how users could identify that it was a phishing campaign.


Overview, consultant’s commentary and detailed breakdown of the results, including the number of users who submitted data to the phishing campaign and your overall risk score. This can also be broken down by department and compared against other results.

Download the full service description

Who is this service for?

This service is suitable for organisations that want to understand their staff’s awareness levels or test the effectiveness of their phishing training programme.

The test simulates a real-world phishing attack on up to 1,200 of your employees, using one phishing template. Price will depend on the number of users targeted.

For a more tailored attack, which could involve multiple attacks/templates and building trusted relationships with users, please contact us for a custom quote.


Benefits of the Simulated Phishing Attack

Get real-world insight into your vulnerabilities

Identify and understand your employees’ susceptibility to phishing attacks and the business impacts this presents. Quickly find out if there is an internal awareness problem and determine subsequent staff awareness training – an effective way to change end-user behaviour.

Demonstrate strength to key stakeholders

Demonstrate a strong security posture to clients by providing third-party assurances.

Safeguard your organisation

From the detailed report, you will be able to implement secure measures, thereby reducing the likelihood of a security breach while protecting your brand.

Supports best practice

Supports compliance with ISO 27001, the UK DPA (Data Protection Act) 2018 and the GDPR (General Data Protection Regulation), the PCI DSS (Payment Card Industry Data Security Standard), and other laws, regulations and contractual obligations.

Technical and non-technical descriptions

Our expert consultant will provide you with updates throughout the project from both technical and non-technical perspectives.

Finding vulnerabilities since 2010

Our established UK penetration testing team has amassed extensive testing experience that ensures clients receive a comprehensive service.

Why IT Governance?

Why choose IT Governance?

  • Our CREST-certified penetration testing team will provide you with clarity and technical expertise, as well as peace of mind. knowing that your external infrastructure has been reviewed by experienced testers in line with your business requirements.
  • Get one-to-one expert advice at any stage of the engagement, along with an end-of-test debrief and answers to queries following the issue of the report.
  • Our detailed reports describe any identified business risks from both technical and non-technical perspectives.
  • Our established and experienced UK penetration testing team has been operational since 2010, amassing extensive testing experience that ensures clients receive a comprehensive service.

Customer Reviews

(5.00)stars out of 5
Number of reviews: 1
1. on 09/08/2022, said:
5 stars out of 5
We employed ITG to send us a phishing email which we chose from one of their templates. It was very interesting to see which people responded and how far through the phishing process they got. The results from the phishing campaign have shaped our IT training and invariably made our staff more aware of the dangers of email..
Showing comments 1-1 of 1
This website uses cookies. View our cookie policy
SAVE 10%