What Is It All About?
Guardz provides a robust Phishing Simulation tool, designed to enhance employee awareness of social engineering threats. Whether you’re an MSP or an IT administrator, the platform allows you to create realistic phishing campaigns using AI-generated emails or pre-built templates, and assign them to targeted users or groups.
Why Run a Phishing Simulation?
Running a phishing simulation before launching an awareness training campaign helps assess employee vulnerability to phishing attacks. The insights gained can then be used to tailor future training, highlight risk areas, and reinforce secure behavior.
Types of Simulations
Guardz offers two main approaches:
1. AI-Generated Campaigns
Leverage generative AI to craft personalized phishing emails based on:
Recipient Details: name format, job title, and group
Tone and Language: supports multiple languages
Industry Context
Email Length and Format
The content can be regenerated and fully edited (subject line, sender, and body), and must include the phishing link.
2. Pre-Built Templates
Choose from a library of realistic phishing templates that simulate real-world threats, such as service impersonation attacks. These professionally designed templates are ready to launch and are divided into four phishing elements (they are also categorized by difficulty level and language):
Credential Harvesting: Designed to trick users into entering their login credentials on fake but realistic-looking sign-in pages
Link Click: Encourages users to click malicious links that redirect them to unsafe or fraudulent websites.
QR Code Scan: Uses embedded QR codes to lure users into scanning them with a mobile device, leading to malicious destinations
Attachments: Includes malicious or suspicious file attachments that test whether users will open potentially harmful files.
Each template includes a relevant follow-up landing page that prompts the user to perform the phishing action.
Simulation Assignment Options
Administrators can assign simulations to:
All users within a specific customer
Specific groups (synced via Microsoft or Google Workspace)
Individual users (ideal for testing or targeted training)
Please bear in mind that assignments may occur at both levels: global and per specific customer.
Launching a Phishing Simulation: Step-by-Step
1. Create a Campaign
Go to the ‘Awareness’ section and click on ‘Create Phishing Simulation’
Ensure that phishing emails sending permissions are enabled (use this article in case it needs to be activated)
2. Choose Your Template & Setup Simulation Content
Click on ‘Create’ for AI-generated content
Available languages for AI: English (US/UK/AUS), Dutch, French, German, Hebrew, Italian, Spanish, Portuguese
or
Select a predefined template (you may select up to 7 different templates for a single campaign)
Filters can be used to select specific templates according to your requirements
If more than one template is selected, you will be able to set up recurring phishing attempts
Languages can be modified using the dropdown list on the left hand side
Available languages: Dutch, English, French, German, Hebrew, Spanish, Portuguese
3. Preview Your Content
Verify the selected templates are correctly presented
Provide your campaign with a name
Note that at this point the ‘From Email’ domains are defined
4. Schedule The Simulation & Assign Users
Define a start date
Select the desired frequency (for example, 1 template every month)
Email delivery is scheduled to occur during your local working hours
Disable ‘Randomized Delivery’ to deliver all phishing email at once
Select individuals, groups, or full organizations (if a full customer is selected, you may enable / disable specific users by amending the list using the ‘Edit’ button on the right)
4. Launch
Review all settings
Click ‘Assign’ to launch the campaign
Tracking Results
Results become visible within 1 hour after launch.
You can review your launched campaigns from the main view of the 'Awareness' section.
Each sent template will include:
Failed Rate – % of users who opened the email
Pending Rate – It appears as long as the specific campaign has not yet finished. It lists all users who have not opened the email at the time the report is generated
Passed Rate - once the specific single campaign is ended the passed rate appears (detailing how many users eventually passed the simulation)
Each recipient receives the following:
Status: Pending / Sent
Action: Clicked, Credential Harvesting, etc.
Result: Passed / Failed
Please note:
Some templates (QR codes, credential harvesting and attachments) are accompanied by follow-up educational training related to phishing. In these cases, if the user fails the simulation, they are prompted to complete a short training video. This training is triggered automatically and is separate from the official, documented awareness training programs managed by the admin.
The 'Scheduled At' field presents the scheduled delivery time in 30-minute time frames.
Results can be exported in CSV format and are available for print.
Campaign Edits & Stop Behavior
Please note that editing campaign function is available for future scheduled campaigns only.
Adding new users mid-campaign will schedule delivery within the remaining window
Stopping a campaign (available only for active and running simulations):
Cancels all pending deliveries
Displays users who didn’t receive emails
Shows the % of undelivered simulations
You may also delete a campaign regardless of its running status (deleting the campaign will stop all email deliveries)
Awareness Issues & Remediation
The issues will be raised for the Phishing simulation once the simulation has been completed or stopped.