Skip to main content

Phishing Simulation

Updated over 3 weeks ago

Phishing Simulation Capabilities

Guardz offers a comprehensive phishing simulation feature designed to measure and improve employee awareness of social engineering threats. You can now choose between two powerful methods to launch a simulation:

  • AI-Generated Campaigns – Automatically craft realistic phishing emails tailored by department, tone, language, and industry using generative AI.

  • Pre-Built Templates – Select from a variety of professionally designed phishing emails that mimic real-world attacks, including brand impersonations like AWS and Azure.

Both methods are designed to test users' ability to identify phishing threats by tracking their interaction with the simulated emails.

Why Run a Phishing Simulation?

Running a phishing simulation before launching an awareness training campaign helps assess employee vulnerability to phishing attacks. The insights gained can then be used to tailor future training, highlight risk areas, and reinforce secure behavior.

How to Create an Awareness Phishing Simulation?

  1. Create Simulation

In the Awareness module, click “Phishing Simulation – Create.” From here, choose whether to:

  • Use AI Generation, where you define custom parameters and generate tailored content; or

  • Select a Pre-Built Template, choosing from a range of realistic phishing scenarios.

2. Allow List:

Add the Guardz domain to the Allow List in your email provider to prevent marking this domain as Spam.

3. Simulation Content Setup

If using AI-Generated Simulation:

  • Define simulation parameters: recipient name format, sender name and title, tone, content type, industry, language, and email length.

  • Name the campaign (internal use only).

  • Click “AI Generate” to create content based on your inputs. Use “Regenerate” to generate new versions.

  • All generated content can be edited, including subject line and sender. A phishing link must be included in the body of the email.

Note: You can select "No Name" for recipients if the name pulled from your directory does not match the email language.

You can also edit the email content, subject line, and sender name by clicking the edit button. Note that it is mandatory to include at least one phishing link in the email content.

💎 Tip: You can set the Recipient to 'No Name' when the recipient name pulled from the main directory doesn't match the email language.

If using Pre-Built Templates, simply select a template and preview the content. All templates are branded, realistic, and use appropriate phishing themes.

4. Assign Simulation and Schedule

Schedule

  • Set a start and end date for the simulation. The recommended duration is 5 days, but shorter durations are supported.

  • If scheduled in advance, emails will be delivered between 9 AM and 10 AM (based on your local machine time).

User Selection

Choose who will receive the simulation:

  • Users – Select specific individuals. You can add more users after the campaign starts (ideal for internal testing).

  • Groups – Select from synced Microsoft or Google admin groups. A user list will be shown for confirmation.

5. Preview & Launch

The phishing email will be sent using a dedicated domain, and the alias will match the signature style of the selected content. Once reviewed, click “Assign” to launch.

6. Track results:

💡 Note: It takes up to 1 hour to view the results of the Phishing Simulation!

After you activate the Phishing simulation, the results can be tracked in the simulation results. You can see the primary metrics of Send rate, open rate, and click rate and which user clicked on the phishing link.
Tracking Results

Important: It may take up to 1 hour for the simulation results to be displayed.

You can track:

  • Send Rate – How many emails were successfully delivered

  • Open Rate – How many users opened the email

  • Click Rate – How many users clicked the phishing link

Click “Stop Campaign” to end the simulation at any time. Once ended or completed, an Awareness Issue will be created, summarizing results and listing users who clicked the link.

6. User Interaction and Statuses

Each recipient will be marked with one of the following statuses:

  • Pending – Email sent or opened, but no action taken

  • Success – Email opened, and the phishing link was not clicked

  • Clicked – User clicked the phishing link (marked as a failed attempt)

Users who click the link will be redirected to a message page informing them that this was a simulation.

8. Extracting Data:

It's easy to extract a list of the users and their status in completing the assignment. Simply click the button in the top-right corner and export to CSV or print. This allows admins to efficiently communicate with their customers about how their employees performed and if follow-up is required.

The CSV and printed file will include the sent, opened, and clicked timestamp for each user. This information is helpful when troubleshooting issues with the simulation. For example, if the opened and clicked timestamp matches the sent timestamp, it is likely that the email was blocked by the user's email security. In this situation, you may need to change your white labeling settings.

Supported Languages for AI Phishing Simulation

  • Dutch

  • English

  • Hebrew

  • Spanish

  • French

  • German

  • Italian

  • Portuguese

Awareness Issue Types and Remediations

The issues will be raised for the Phishing simulation once the simulation has been completed or stopped.

Randomize Email Delivery Time

Feature Overview

The Randomize Email Delivery Time feature adds variability to the sending times of emails during a simulation.

  • This feature is enabled by default via a checkbox in the campaign settings.

  • When enabled, email delivery times are randomized across a spread of the campaign duration.

Timing Logic

To ensure all users have enough time to respond meaningfully:

  • The randomized delivery window is from the start of the simulation until 70% of the total simulation time.

  • This means the last randomized send time will occur no later than 70% into the campaign.

  • The sending is restricted to business hours (9:00pm–5:00pm) according to the MSP time zone (EN-US or AU).

Campaign Edits & User Invitations

  • If you edit the campaign, the random send times are regenerated.

  • If you invite new users after the campaign has started, their delivery times are also randomized, but only within the time range between their invite time and the end of the campaign.

Campaign Stop Behavior

When a campaign is stopped:

  • All pending delivery are immediately canceled.

  • No further emails will be sent after the stop action.

  • You’ll be able to see:

    • Which users did not receive the simulation.

    • The total percentage of users for whom the campaign was stopped before delivery.

Send Time Visibility

  • The Send At column in the active simulation summary displays rounded delivery times, shown in 30-minute increments.

  • Actual send times may vary slightly within the half-hour window.

Related Articles
Allowlisting Guardz Phishing Simulation Domains and IPs in Microsoft 365
AI-Driven Phishing Simulation (Release Notes June 2023)
Customize Phishing Campaign Content (Release Notes March 2024)
Multi-Customer Phishing Simulations
Randomize Email Delivery Time
Did this answer your question?