Phishing email awareness training


A laptop shows the landing page of our phishing simulation

Everyone is affected by phishing and can fall victim to it. It comes in many shapes and sizes. Think of a phishing e-mail that tempts you to click on a link or to open an unsafe attachment.

Are you interested in the click behavior of your employees and looking for a concrete method to arm them against the threats of phishing? Please continue reading! At Awareways, we provide a customized phishing simulation. This will create full awareness of phishing at both business and private levels and allow you to measure progress.

Why a phishing simulation?

We note that phishing remains the most common form of cyber fraud, but also that it is eminently a strategy in which scammers continue to evolve. Good information security awareness training is therefore dynamic, evolving with developments in the field. Consequently, there is no ready-made solution to secure everything. Security and privacy are not a product, but a process, in which the other party is always one step ahead.

Awareways phishing simulation provides an online platform to simulate attacks in a simple and cost-effective way. We believe that with our team of experts, we have the right approach to make any organization resilient against phishing email and other digital threats.

What could you expect from the phishing simulation?

The Awareways approach goes far beyond click behavior. Our expertise is in behavioral change, so that moment where you decide to click or not to click is just where our jobs begin. We have our own phishing simulation software that trains employees continuously and proactively.

Avoid metal fatigue (“another phishing email, can’t IT stop that…?”) and inquire about our capabilities. We provide everything from a one-off phishing action with impact to leads to continuous training courses in which we adjust the campaign based on the results and provide concrete tools.

Research: the influence of authority and time pressure on click behavior

Those who receive a phishing email are more likely to click on a dangerous link if authority is one of the variables on which the email is designed. This is what our research shows, which has produced an insightful whitepaper titled ‘Effect on click behavior’.

We are happy to share our results with you.

Autonomously start your training today by reading our 5 practical tips. Prefer to work with experts? Get in touch!

1. Take precautionary measures

Fortunately, a lot of spam is automatically intercepted to prevent you from being inundated with false emails on a daily basis. It’s not easy to stop phishing altogether, but you can certainly take a few steps to protect yourself.

Start by properly setting up your spam folder so that the lion’s share of phishing emails don’t even reach your inbox. And a good virus scanner is also a must. But above all, make sure you don’t just leave your email address everywhere. The more often you enter your details on random websites, the greater the chance that they will come fishing in your inbox. So create a free account, for example in Gmail, especially for all those websites where you don’t want to leave your ‘normal’ email address.

2. Do not share personal or financial information

A bank, insurance company or subscription service will never ask for your social security number or your PIN, bank account or credit card number via e-mail (or by phone). They will also never send you through a hyperlink to a website where you are asked for security codes, certainly not through an SMS or social media.

Therefore, never share these details if you are asked for them in an e-mail. When in doubt, always contact the party concerned before responding to anything substantive, as chances are the message did not come from them.


3. Stay alert – outside of your inbox too

Phishing is hardly limited to email traffic, so always be on the looking during your various other online habits as well. Malicious URLs and links that want to fool you can be found just as easily on websites (“You are our 1,000,000th visitor, click & win!”) and are also increasingly being distributed via social media.

Fraudsters are usually even more effective on Facebook and certainly via SMS/WhatsApp, because internet users are more likely to follow a link there than in a dubious email from an unknown sender. Especially when that message seems to come from someone they know. So don’t just click on any links elsewhere on the Internet!

4. Doubts? They are often justified!

You know the drill: it all seems right, yet something feels slighly off. The message is not quite relevant, the person or agency in question would never formulate it in such a way, the tone is not right – et cetera. If an email doesn’t feel quite right, then something is probably off. In short: if you have doubts, they are often justified.

Check for so-called ‘red flags’ that help you to recognize a phishing e-mail: a strange e-mail address of the sender, an overly excited (positive) message, a form of pressure or threat, many language errors or strange translations, a strange URL under a link or a different, impersonal salutation. Uncertain? Just go directly (not via email) to the sender’s website to find out the truth. And remember: too good to be true is often too good to be true!

5. Fell for it? Always report it!

Of course it can happen that you click on a link or open an attachment. In general, we observe that employees are more susceptible to phishing around lunch time and are also less aware of the risks at the end of the working day. Always make sure you report it immediately to the helpdesk or to the appropriate colleague in the IT department.

The quicker you act, the greater the chance that the damage from ransomware or other dangerous exploits can be limited. And be sure to do this even if you haven’t clicked as well, as it provides a valuable warning for colleagues.


Euclideslaan 141 3584 BR Utrecht
+31 (0)30 227 14 67