We send fake emails that resemble real attacks, but are harmless, to a defined community or workgroup. During the campaign, statistics are collected, such as who clicked on the link, who tried to enter confidential information, and who did not report the email. At the end of the campaign, the results are summarized and educational materials (short PDFs or micro-trainings) are provided to the community. Repeated and realistic simulations improve employee behavior, reveal organizational weaknesses, and help prevent real attacks. Experts usually recommend that programs be continuous and repeated every few weeks. Quick tips — how to recognize fake emails Be suspicious of the sender — beware of emails that you do not expect or make unusual requests. Check the URL before clicking on a link; look for the target that appears when you hover over the link. Do not respond to emails that request sensitive information, and if in doubt, report it to IT or our security team.