Phishing Awareness Training

Help employees recognize and report phishing attempts

It’s the people. Your employees are your biggest vulnerability—at least until they are prepared to recognize and report phishing attempts. Phishing and related social engineering campaigns are today’s number one attack vector. Over 90,000 unique phishing campaigns are launched every month. Surveys show that phishing is seen more than any other type of threat, and that phishing and social engineering attacks are the number one concern of security professionals.

It’s impossible to prevent phishing attacks by purely technical means. That’s where phishing awareness comes in. Phishing awareness training educates employees on how to spot and report suspected phishing attempts, to protect themselves and the company from cybercriminals, hackers, and other bad actors who want to disrupt and steal from your organization.

Try InsightPhishing

InsightPhishing equips you to address your largest attack vector—your users.

Join the Free Beta

Start with Employee Training

Phishing awareness training starts with educating your employees on why phishing is harmful, and empowering them to detect and report phishing attempts. Depending on your organization’s culture, you can deliver this initial training via a written document, an online video, company or department meetings, classroom training, of some combination of the above.

Create Simulated Phishing Campaigns

InsightPhishing from Rapid7 enables you to create and manage simulated phishing campaigns within your organization. These campaigns reinforce employee training, and help you understand your own risk and improve workforce resiliency.

InsightPhishing makes it easy to create emails, attachments, and web landing pages that exactly resemble the work of cybercriminals and hackers likely to attack your enterprise. Start with a gallery of templates based on actual attacks, and then customize them to reflect the types of attempts most likely to target your organization and the departments and people within it. You can simulate mass phishing, spear phishing, and whaling attempts. When your campaign is ready, create a distribution list of the departments, groups, and individuals who will receive the simulated phishing emails.

Reinforce the Phishing Awareness Training

Nothing teaches like experience. When employees click on a link or an attachment in a simulated phishing email, they are warned that they could have been hacked. You can then display a “training page” that reinforces the dangers of phishing and reminds the employees how to report suspect emails.

Monitor Results and Improve

InsightPhishing provides statistics on each simulated phishing campaign, showing what types of attacks were most successful and what parts of your organization are most vulnerable. You can use the results to focus your security monitoring, strengthen your phishing awareness training, and add additional defenses for phishing protection. You can also use the results to track the progress of your phishing awareness program and document improvements.

Phishing Awareness Training in 3 Minutes

Starting a phishing awareness program doesn't have to be daunting. Learn more.

Whiteboard Wednesday: Phishing Awareness Training

In this week’s Whiteboard Wednesday, we outline how to implement a phishing awareness program to improve employee resilience in 5 steps.


Whitepaper: How to Phish Your Business (And Get Management's Buy-In)

This whitepaper from Rapid7 answers your key questions about the value, cost, risk, and execution of a phishing awareness program.

View now

Join the InsightPhishing Beta

Developed by the minds behind Metasploit, InsightPhishing enables phishing identification, analysis, and simulation

Join the InsightPhishing Beta

All fields are mandatory

Sorry your request cannot be completed at this time. Please reach out to sales at +1-XXX-XXXX or at