This is Phishy user documentation page. You can find detailed information about Phishy and how to use it. Doesn’t matter if you are a security expert or a business owner, this documentation is designed to help you keep your organization safe.
Today, online safety is changing fast, and new threats appear every day. Companies are working hard to stay safe. But hackers are changing too. Instead of trying to break into computer systems first, they now try to trick the people who work at these companies. This is because it’s often easier to trick a person than to break into a system. Phishy helps companies stay safe in two main ways. First, it makes sure emails are safe. Second, it teaches people how to spot dangers and stay safe online. Phishy is different because it acts before a threat happens. It tests and trains people using real-life examples, so they’re ready for any situation. This guide is here to help you understand and use Phishy better. It talks about all the things Phishy can do and shows you how to use them. It doesn’t matter if you know a lot about security or just a little; this guide will help you protect your company.

How Phishy Works?

Phishy is a powerful tool designed to help businesses understand and defend against email scams. The tool is built around three main parts: simulation, training, and incident response. Together, these parts help companies test their defenses, teach their people, and react quickly to real threats.

Simulation ⚡️

Phishy’s simulation is a hands-on way to see how staff might react to actual phishing emails. This proactive testing helps companies spot potential weak points before they become real problems.

📬 Email Opening

Through the simulation, Phishy tracks who opens the test phishing emails, helping companies identify potential areas of vulnerability. This checks who click on the links inside these emails, indicating who might need more training on email safety.

📝 Data Sharing

The simulation uncovers who might provide personal or work-related details when asked in a deceptive email.

📎 File Activities

Phishy also monitors who might be tempted to open or download files that come attached to the test emails. This helps understand possible points of data breach. By using Phishy’s simulation, companies can gain a clear picture of where they stand and where they need to bolster their defenses.

Training 🎓

Phishy’s training module is designed to empower your company with knowledge. It uses engaging and clear methods to ensure everyone knows how to spot and react to potential email threats.

🎬 Assign Educations to Users

Admins or managers can:
  • Choose specific training videos or modules for team members.
  • Easily assign these educations to individuals or groups, ensuring targeted learning.

📊 Monitor Progress & Statistics

With Phishy, you can:
  • Track who has completed the training.
  • View detailed stats on video watch times, repeat views, and more.
  • Identify team members who might need additional training or reminders.

📧 Customized Email Reminders

  • Send reminder emails to users who haven’t watched the videos.
  • Choose specific times and days for reminders to boost engagement.
  • Customize email content for training assignments or reminders, adding a personal touch.

🖋️ Personalize Email Content

Phishy allows for:
  • Customized email templates for assigning new trainings.
  • Personal notes or messages to motivate team members.
  • Tailored reminders that resonate with your team’s culture and language.
By leveraging Phishy’s training tools, you not only educate your team but also actively engage them, ensuring that cybersecurity awareness becomes a part of your organizational culture.

Incident Response 🚨

Phishy’s incident response module streamlines the process of identifying and responding to suspicious emails. With integrated tools and an intuitive interface, users and administrators can act swiftly against potential threats.

📧 EPAS: Reporting Suspicious Mails

With our Outlook add-in, named EPAS, users can:
  • Easily flag and report emails they find suspicious.
  • Ensure rapid communication to security teams for immediate action.

🔍 Detailed Email Analysis

Admins or managers can dive deep into reported emails:
  • View detailed email contents including headers, body, and attachments.
  • Analyze embedded links in the email body.
  • Get a visual with a screenshot of the email body.
  • Receive an overall security score for the reported email, aiding in threat assessment.
If a suspicious link is found within an email:
  • Admins have the ability to disable the link.
  • Once disabled, the link is removed across all emails within the organization where the EPAS add-in is used.

✅ Mail Verification & Removal

Upon investigation, managers or admins can:
  • Classify reported emails as phishing or safe.
  • If an email is deemed to be phishing, it’s automatically removed from the inboxes of all company users to ensure protection.
Phishy’s incident response tools equip organizations with proactive measures to counteract potential email threats, ensuring a secure email environment for everyone.

What’s in the PHISHY Control Panel?

The control panel provides an overview of the campaigns created and implemented by organizations over time. It also allows filtering by date to access statistics for a specific time range. The control panel includes:
  • Number of Phished: Shows the total number of individuals phished. This is important for assessing the impact of attacks.
  • Target Score Changes: Shows changes in the scoring system used to reflect the impact of campaigns. This is used to monitor victim behavior and improve security measures.
  • Training Rate: Indicates how many phished individuals participated in training programs. This is used to measure the effectiveness of training.
  • Average Success: Measures the success rate of campaigns. This helps assess how successful attacks are.
  • Phishing Rate Changes: Shows changes in the phishing rate over time. This is monitored to improve security measures.
  • Potential Target Groups: Identifies groups that attackers could potentially target. This helps identify victim characteristics and risk factors.
  • Potential Targets: Lists individuals or departments that attackers could target. This provides critical information to strengthen the organization’s defense.
  • Recent Phished Targets: Lists the most recently phished individuals or groups. This helps the security team respond quickly.