Research shows that over 75 % of all incidents start with a malicious email – a phishing email. When it comes to phishing emails, the user is always the first line of defense, and how the user behaves is vital to the outcome. There's no complete protection against phishing, but to tackle the growing threat of email attacks, you need to go to the core and educate and increase awareness amongst your users. 

Social engineering

What is phishing?

Phishing is a part of what is called social engineering, a broad term used for a range of malicious activities trying to trick users into making mistakes. Cybercriminals "spray" the internet with large amounts of phishing emails. The more emails they send out, the more people cybercriminals will eventually trick. Cybercriminals try to get hold of sensitive information, such as personal data, credentials, intellectual property, or money.

Digital threat landscape

Growing challenge

In today's business environment, phishing attacks play a dominant role in the digital threat landscape. The challenges when it comes to phishing are growing. Here are some of the significant reasons why. 

Advanced attacks

As phishing attacks are becoming more sophisticated, it becomes even more challenging for users to identify them. Nowadays, cybercriminals often target specific organizations, groups of users, or even specific individuals. 

Weak protocol

A challenge with email attacks is the weaknesses in the protocol used for email communication, which is over 40 years old. These weaknesses allow anyone to fake their sender's name and email, meaning they can impersonate practically anyone.

Fake emails & websites

Phishing attacks usually include two things – an email and a website. The email will try to make you visit a malicious website. The combination of email and web makes it even harder for users to understand that they are being tricked. 

Remote workers 

Research shows that remote work, or working from home (WFH), has a negative impact when it comes to employees' resilience against phishing. 

Different types of phishing attacks

Phishing comes in many different shapes and forms. Cybercriminals impersonate well knows brands and take advantage of recent events.



Credentials, credit card numbers, and personal data are examples of targets for phishing emails. Phishing emails are usually sent out on a large scale – spraying the internet.

icon user-secret-duotone

Spear phishing

Spear phishing is an email attack targeting a specific individual, department, or organization that appears to be from a trusted source.


CEO/CFO phishing

CEO/CFO fraud is a scam in which cybercriminals spoof company email accounts and impersonate executives to try and fool an employee to execute unauthorized wire transfers or send out confidential financial information.



Whaling is a highly targeted phishing attack targeting C-level or other senior executives. Cybercriminals impersonate an executive and start an email conversation with the purpose to get their hands on company secrets or financial fraud.

How to protect your organization against phishing

With a robust human defense, your organization will build a human firewall – significantly decreasing the risks of being exposed to incidents such as data leakage. Phishing & Awareness Training includes all the features you need to run simulations and work effortlessly with automated awareness training.

Take your tour

Simulate social engineering

Simulate email attacks, such as phishing, spear phishing, ransomware, and CEO/CFO phishing. Or create your custom simulations.

Automated awareness training

Depending on each user's behavior in the simulation, automated tailored awareness training is composed and presented to the user.

Statistics & reports

Based on the results of the simulation, you get detailed statistics that help you identify weak users.


Through continuous simulations, you make sure to keep your users up to date with the constantly shifting and latest threats.