Security Awareness Training

Phished Automated Cybersec Awareness Training: Expert Insights Review

Expert Insights’ technical review of the Phished security awareness training and simulation platform.

Article thumbnail image

Expert Insights Score: 4.5/5

What We Like:

  • The self-learning phishing campaigns are easy to set up and run, freeing up time otherwise spent creating simulation templates, while presenting users with relevant, continuous training.

What To Be Aware Of:

  • The platform doesn’t provide an extensive amount of training content.

What Are Phished’s Key Features?

Phished’s core feature is the ability to learn which phishing emails your users are likely to click on using machine learning algorithms. The system uses this data to send out individualized, tailored simulated phishing emails based on historical click patterns, meaning every single user receives a unique phishing test based on their own unique needs.

Admins can automate these campaigns to be sent on a regular basis; Phished recommends they’re sent every 15 days. Simulations cover a variety of threats, including business email compromise, insider threats and spear-phishing—with an option to disable spear-phishing campaigns, which can be controversial amongst end users.

Users can report phishing simulations via a button in their Microsoft 365 mobile and desktop client, or report the email via forwarding when using other email clients. If a user correctly reports an email, they’re congratulated; if they fail to identify a simulation, they’re assigned training at the point of failure on that topic.

Admins can view reports by user and by department into which users are completing their training, reporting emails, clicking on simulations, and entering credentials in fake “phishing” webpages. 

Phished Technical Review - Expert Insights
The Phished Dashboard

How Effective Is Phished?

The automated simulation campaigns offered by Phished are incredibly effective. Because phishing simulations are tailored to each users, testing and is much more accurate and realistic than competitor solutions, which commonly send out the same simulation to every single user within the organization. Admins also don’t have to manually configure simulations, as they are automatically tailored to each user.

The Phished Academy training library offers textual training content in the form of articles and limited video content. Admins can also create quizzes within the platform to test their users on what they’ve learnt. Content is delivered automatically if a user fails to identify a simulation. It can also be assigned on demand by admins. While the bite-sized modules are an effective way of delivering learning, there isn’t enough content to provide comprehensive awareness training across a range of topics.

While training modules and simulation templates are available in nine languages, organizations in the US with Spanish speaking employees should be aware this solution offers limited materials in Spanish. The most content is available in Dutch and English.

How Easy Is Phished To Manage?

Because it’s delivered via a web-based console, Phished is very quick to deploy. Users can be onboarded manually, via .csv file upload, or via an Azure Active Directory integration. The platform also offers detailed support on how to integrate Microsoft 365 so that MS Advanced Delivery Protection doesn’t flag simulations as spam.

From the dashboard, admins can add new users, set up simulation campaigns, create Learning Paths for end users to complete, and view reports into simulation results.

Configuring an automated simulation campaign takes a matter of minutes and, once set up, simulations are sent regularly as scheduled without any extra work needed. Admins can create visual reports into simulation results, including a Hall of Fame and Wall of Shame view (top reporters/most phished), and can filter by user department. Admins can also easily generate reports into the training completion status of each user.

Overall, the web console is very intuitive and easy to navigate.

Who Is Phished Best Suited For?

Phished is a strong choice for organizations looking for effective way to identify and train team members susceptible to phishing attacks with automated phishing simulations, tailored for each individual user.

Phished is effective when running ongoing phishing simulations for a large number of users, while offering the considerable benefit of minimal ongoing management. The solution is particularly well suited for enterprise organizations and MSPs looking for an easy to manage solution with strong phishing simulations.

Our in-house testers also saw benefit in the service being suitable for small- and medium-sized businesses based on the training material offered by Phished, although the solution is primarily targeted at enterprise customers and MSPs.

Our Verdict

Phished is a dedicated, specialized phishing simulation platform that excels in delivering highly-personalized phishing simulations to individual users, improving accuracy and allowing organizations to identify susceptible users.

The platform is easy to navigate and manage, and makes it simple to set up automated campaigns, saving valuable resource compared to other platforms that require more hands-on management.

Written by Caitlin Jones

Tested by Craig MacAlpine

Date of Testing: 15 December, 2021

Date of Publication: 21 December, 2021