Phishing simulation

How susceptible are you to phishing? Try a simulated phishing attack and find out.

Cognisys can perform phishing simulation to determine the susceptibility of your people to this type of cyber risk.

In our phishing simulation service, we work with you to devise a range of scenarios, building a series of personalised phishing emails to target specific groups within your organisation.

Typically, the emails will invite recipients to take certain actions, such as giving away sensitive information or downloading malicious payloads allowing unauthorised access to your environment.

Phishing, spear-phishing and whaling

The dark web is made up of digital communities that sit underneath the internet. While there are legitimate purposes, it is estimated that over 50% of this type of site is used for criminal activities.

Sometimes referred to as the ‘underbelly of the internet,’ the dark web is a shrouded area, hidden from search engines and only accessible with a specialised web browser. It also masks IP addresses, which essentially allows fraudsters to operate undetected to commit crimes, including identity theft.

Take the right mitigation steps

There is no single solution that can protect against all possible attack vectors. However, you can take steps to mitigate the most common forms of attack. Statistically, these attacks are most likely to leverage passwords compromised on the dark web or leaked due to human error, often a result of phishing attacks or a lack of awareness around security best practices.

Phishing simulation process

  • Creation of easy, medium and difficult templates, so as to scale training
  • Identify existing security awareness
  • Training can be built into landing pages

The goal of a simulated phishing attack is to trick an individual into disclosing personal or corporate information through social engineering, email spoofing and content spoofing efforts.

For example, we may send the victim an email that appears to be from a trusted source, including links back to a customised malicious website that has been created especially for the attack.

Our emails and websites can be highly personalised and customised, incorporating the target’s name, job title or other relevant information.

Cognisys presents its findings in a comprehensive yet simple report format. This typically comprises of an executive summary, methodology, technical findings, and prioritised recommendations for remediation.

  • Understand how to better defend your organisation using a layered defence approach.
  • Provide cyber security awareness training for your employees.
  • Build an effective cyber threat reporting culture, with a ‘no-blame’ approach for maximum uptake, throughout your organisation.

Discover how we’ve helped leading organisations



How to protect against AiTM/Evilginx phishing attacks

A deep dive into the Attacker-in-the-Middle (AiTM) threat, spotlighting EvilGinx2. Discover how to protect against phishing and thwart AiTM attacks with essential strategies.

A guide to vishing


A guide to vishing

In this blog, we explore how to identify and protect yourself against vishing attacks.


.ZIP domain registration: A risky gateway to nefarious outcomes

In the ever-evolving world of cybersecurity, understanding emerging threats is critical to maintaining a robust defence. One trend currently attracting attention is the registration of .ZIP domains.

Let’s make things happen

Fill in the form and one of our team will be in touch for a no-obligation discussion or quote regarding your requirements.
Leeds office

5 Park Place
Manchester office

The Sharp Project
Thorpe Road
M40 5BJ