Phishing is a technique deployed by email that is used to trick people into performing an action; such as downloading a file, conducting a transaction, or supplying information. It is a common threat that companies and individuals need to look out for.


Types Of Phishing

Phishing is often used as a generic term, but some like to break this term down into different types. First is Spear Phishing, which is a term used to describe a phishing attack that is targeted to a specific individual or organizational position. When one receives a spear phishing email, the attacker crafts the email to include relevant information that intends to give credibility to the email in the eyes of the recipient. More generic phishing emails often start with ‘Dear Sir’ or ‘Dear Madam’, a spear phishing email often addresses the specific recipient i.e. ‘Dear David Johnson’. Because of this, spear phishing is often the cause of significant data breaches both personally and professionally.


Why Is Phishing So Common?

Phishing is often used because the attacker is able to hide behind their computer, there is very little risk to them. They prey on the curiosity, generosity, and trust that humans so naturally give. This allows them to trick the recipient into performing an action, such as downloading a virus or conducting a transaction. The attackers will often use this to help further their objective, which in most cases is theft or virtual ransom.

Attackers often don’t get caught because of the nature of the crime. Everything is done digitally through various networks, computers, and they can attack you from anywhere in the world. This makes the perpetrators actions very hard to track back to their original source.


What Can Be Done To Prevent Phishing?

There are several things a company can do to prevent and/or minimize the threat of phishing attacks on their employees. Eliminating the risk of phishing entirely is often difficult; but minimizing the risk here is key, as some phishing attacks may be highly sophisticated and take place over an extended period of time. In any case, the following steps can be taken to prevent your business, employees, and assets:

  • Educate employees on the threat of phishing through phishing awareness training.
  • Test employees susceptibility to phishing through company simulated phishing campaigns.
  • Configure the technology environment to minimize the likelihood of receiving a phishing email.
  • Establish reporting processes to notify network security personnel of phishing attacks or suspicious activity.



Phishing is a social engineering method used to attack organizations through email and other electronic channels. The phishing threat is real and absolutely shouldn’t be overlooked. Through security awareness training and technology configurations, organizations can significantly reduce their sociability to the threat of phishing.


Test & Train Your Employees

In today’s modern environment, social engineering attacks are prevalent and increasing in frequency and severity. The human element is often the weakest component in a company’s security; attackers know this and capitalize on it. In 47% of cases, cybersecurity attacks such as social engineering, spear phishing, and ransomware attacks are financially motivated. With OptyPhish, you can easily conduct simulated phishing attacks to test your employee’s security awareness. Our Phishing Simulator allows you to create custom groups with as many phishing targets as you would like. You can target any employee or group of employees with a simulated spear phishing attack. Our Phishing Simulator also allows you to craft a simple email message and send it to one or several recipients using a specified mail server. You can create multiple tests targeting specific groups with one of our custom-built phishing templates, or you can create your own test using our Phishing Template Builder. Spear phishing is a common everyday occurrence and a phishing awareness training program is critical to preventing these scams and saving your company money.


Every Single Day

  • 156 million phishing emails are sent
  • 16 million of which get through security filters and into inboxes
  • 8 million of those emails are opened
  • 800,000 links are clicked
  • 80,000 recipients fall for the phishing attack


Target & Group Management

Testing your employees with simulated phishing attacks is an important part of your overall security awareness program. OptyPhish makes it easy to measure and demonstrate your employees’ aptitude and progress on highly visual dashboards and reports. Your employees are on the front line in the anti-phishing battle and you can’t win without them.

We utilize the easy-to-use Microsoft Active Directory integration using LDAP (Lightweight Directory Access Protocol). You may also use Learning Management Systems to sync users into groups. Create as many groups as you like to help segment your phishing targets.


Mobile-Friendly For All Devices

OptyPhish’s software can be used on any device, providing the ability to perform administrative tasks in the office or on the go. Our custom landing pages are also mobile, tablet, and computer compatible to make the user feel completely safe and craft the most convincing phishing lure.


Phishing Template Library

OptyPhish’s Phishing Simulator includes a massive library of templates that are designed to mimic real-world attacks without any of the danger. Our Phishing Template Library also includes our community of other users who have submitted their tried-and-true phishing template for other companies to use. If you happen to be HTML savvy, you can write your own code to build highly customized content or email template styles and submit your own. You can pick or design the exact landing page that an employee will see if they bite the bait. These landing pages can be directly linked to training and reinforcement activities within an LMS (Learning Management System).


OptyPhish Integrates With Many Learning Management Systems (LMS)

This allows our clients to import users and instantly start testing. The client will also have the ability to flag users who need to be educated by failing the phishing test. For larger companies, OptyPhish also integrates with Microsoft Lightweight Directory Access Protocol (LDAP) to simplify the onboarding process.


Phishing Reporting

OptyPhish has a multitude of different types of reports along with comparative reports on multiple tests to see a pattern of who is being lured. You can export to CSV or PDF format along with tap into our report system using our signature API. We also have instantaneous reporting with email notifications and summary emails upon completion.


Repeat Testing & Continuing Education

Using our OptyPhish Phishing Simulator you can proactively combat against email-based social engineering attacks and strengthen your most overlooked security asset, people. Verizon ran a study and found that 67% of cyber espionage begins with a single phishing email. Let’s strengthen the people that make up your front line of defense against these sinister forces that wish to steal your information and your money. OptyPhish highly recommends a combination of simulated phishing attacks and targeted training to create a workforce that is immune to the deception of attackers.