Phishing Campaign Simulation
Targeted spear phishing campaigns to measure security awareness and test email defenses.
Phishing campaign simulation delivers controlled, realistic email attack scenarios to measure how many of your employees click, submit credentials, or execute payloads — and how many correctly report suspicious messages. Unlike generic phishing training platforms that send obvious template emails, Intelliroot's operators craft targeted spear phishing campaigns using OSINT-gathered context about your organisation, your people, and your technology stack. Emails reference real internal systems, vendor names, and credible scenarios that closely mirror the tactics used by active threat actors, producing a far more accurate measurement of genuine susceptibility.
Simulations are available across a maturity spectrum — from broad baseline campaigns measuring click rates across the entire organisation, to precision whaling attacks targeting the C-suite, finance team, or privileged IT administrators. Credential harvesting pages are hosted on lookalike domains with realistic clones of your internal portals or vendor login pages. Every campaign integrates with your security awareness training platform to automatically route employees who fail into targeted remedial training, creating a closed-loop improvement cycle. Intelliroot supports leading platforms including KnowBe4, Proofpoint Security Awareness, and custom LMS integrations.
Bypass Testing Included: Beyond measuring employee behaviour, every phishing simulation includes a technical assessment of your email security stack — testing whether your email gateway, SPF/DKIM/DMARC configuration, URL filtering, and sandbox detonation controls would have blocked the simulated attack before it reached the inbox. Many organisations discover their security controls have critical gaps even when employees perform well.
Why Phishing Simulation Is a Security Baseline
Phishing Initiates 91% of Attacks
From ransomware to nation-state espionage, the vast majority of successful breaches begin with a phishing email. Knowing your susceptibility baseline is the first step to reducing the risk.
Measure, Don't Assume, Awareness
Security awareness training completion rates tell you nothing about actual behaviour under a realistic attack. Simulation provides the only reliable measure of whether training is translating into safer decisions.
Email Gateways Have Blind Spots
Advanced spear phishing using aged domains, personalised content, and legitimate cloud infrastructure regularly bypasses email security products. Simulation reveals gateway gaps before a real attacker exploits them.
Compliance Requires Regular Testing
ISO 27001, CERT-In guidelines, RBI Cyber Security Framework, PCI DSS, and SOC 2 all expect organisations to conduct periodic phishing simulations as part of a security awareness programme.
Campaign Types We Deliver
Spear Phishing
- OSINT-personalised emails referencing real internal context
- Credential harvesting pages cloning internal or vendor portals
- Malicious attachment simulation (macro documents, LNK files)
- OAuth consent phishing targeting Microsoft 365 and Google Workspace
- AiTM (Adversary-in-the-Middle) proxy phishing to capture MFA sessions
Whaling & Executive Targeting
- Highly personalised campaigns targeting C-suite and board members
- Board portal and investor relations themed lures
- Legal and regulatory notice pretexts for maximum urgency
- Executive assistant targeting for indirect access paths
- Combined spear phishing and vishing follow-up scenarios
Email Gateway Bypass Testing
- SPF, DKIM, and DMARC configuration assessment
- Aged domain and lookalike domain detection evaluation
- URL rewriting and sandbox evasion technique testing
- Attachment detonation and sandboxing effectiveness review
- Microsoft 365 and Google Workspace security baseline review
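The SPF and DMARC configuration assessment listed above can be partly automated. The following is an added example (not Intelliroot's tooling) that evaluates SPF and DMARC TXT records for the weaknesses a gateway bypass test typically finds: a DMARC policy of p=none, a missing rua= reporting address, a pct below 100, subdomains exempted via sp=none, an SPF record ending in +all or ?all, and more than the ten DNS-lookup terms RFC 7208 allows. The record strings are constructed samples; in a real assessment you would fetch the TXT records for `<domain>` and `_dmarc.<domain>` over DNS. DKIM is not covered because checking it requires knowing the sending selectors.

```python
import re

# Mechanisms and modifiers that each consume one of the 10 DNS lookups RFC 7208 allows.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed sample records (not real DNS data) showing a weak and a hardened configuration.
SAMPLE_RECORDS = {
    "weak": {
        "spf": "v=spf1 include:_spf.example-mailer.net a mx +all",
        "dmarc": "v=DMARC1; p=none; pct=50",
    },
    "hardened": {
        "spf": "v=spf1 ip4:203.0.113.0/24 include:_spf.example-mailer.net -all",
        "dmarc": "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc-rua@example.com; pct=100",
    },
}


def parse_dmarc_tags(record: str) -> dict:
    """Split a 'tag=value; tag=value' DMARC record into a lowercase-keyed dict."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> list:
    """Return a list of findings for a DMARC TXT record (empty list means no issues)."""
    tags = parse_dmarc_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record: missing v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: failing mail is only reported, never quarantined or rejected")
    elif policy == "quarantine":
        findings.append("p=quarantine: failing mail still reaches spam folders; p=reject is the enforcement goal")
    elif policy != "reject":
        findings.append(f"missing or unknown policy: p={policy!r}")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected, so spoofing goes unnoticed")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: the policy applies to only {pct}% of failing mail")
    subdomain_policy = tags.get("sp", policy).lower()
    if subdomain_policy == "none" and policy != "none":
        findings.append("sp=none: subdomains are exempt from the enforcing policy")
    return findings


def assess_spf(record: str) -> list:
    """Return a list of findings for an SPF TXT record (syntax-level checks only)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record: missing v=spf1"]
    findings = []
    lookups = 0
    for term in terms[1:]:
        # Strip the qualifier (+ - ~ ?) and any ':domain', '/prefix' or '=value' suffix.
        name = re.split(r"[:/=]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
    if lookups > 10:
        findings.append(f"{lookups} lookup terms: exceeds the RFC 7208 limit of 10 (evaluates to permerror)")
    last = terms[-1].lower()
    if last in ("all", "+all"):
        findings.append("+all: every sender passes SPF, so the record authorises nothing")
    elif last == "?all":
        findings.append("?all: neutral result, treated by receivers as if no policy existed")
    elif last not in ("-all", "~all") and not last.startswith("redirect="):
        findings.append("record does not end with an 'all' mechanism or redirect= modifier")
    return findings


def assess_domain(spf: str, dmarc: str) -> dict:
    """Combine SPF and DMARC findings for one domain into a single report."""
    return {"spf": assess_spf(spf), "dmarc": assess_dmarc(dmarc)}


if __name__ == "__main__":
    for label, records in SAMPLE_RECORDS.items():
        print(f"== {label} ==")
        for control, findings in assess_domain(**records).items():
            print(f"  {control.upper()}: {findings or ['no issues found']}")
```

The SPF check counts lookup terms syntactically and does not follow include: chains, so a record that is within the limit at the top level can still exceed ten lookups once its includes are resolved; a full assessment resolves them recursively.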
Baseline & Programme Campaigns
- Organisation-wide baseline susceptibility measurement
- Quarterly recurring campaigns to track improvement over time
- Department-specific targeted campaigns for high-risk roles
- New-hire onboarding phishing simulation programme
- Integration with KnowBe4, Proofpoint, and custom LMS platforms
Campaign Execution Process
Reconnaissance & Lure Development
Intelliroot operators conduct OSINT on your organisation to gather context for realistic lures — internal system names, vendor relationships, HR and finance processes, and recent company events. This intelligence is used to craft emails that employees would genuinely find credible, rather than the generic templates that most employees have learned to recognise.
Infrastructure & Payload Preparation
Register aged lookalike domains, configure email sending infrastructure with valid SPF/DKIM records to maximise inbox delivery, and build credential harvesting pages or payload delivery mechanisms as agreed in scope. All infrastructure is isolated, monitored, and decommissioned immediately after campaign completion.
Controlled Campaign Delivery
Deliver campaign emails according to the agreed schedule — staggered delivery, time-zone-aware dispatch, and controlled volume to avoid triggering bulk-send detection in email security products. Track delivery, open, click, credential submission, and report events in real time via campaign tracking infrastructure.
Email Security Stack Assessment
In parallel with employee behaviour measurement, test whether your email gateway, URL filtering, and sandbox controls would have independently blocked the campaign. Document which detection layers the simulated attack passed through and which controls, if any, flagged it.
Reporting, Training Integration & Remediation
Deliver campaign metrics segmented by department, role, and email client. Provide targeted training content for employees who failed, ready for immediate deployment via your awareness platform. Deliver technical recommendations for email gateway hardening and detection rule improvements identified during the campaign.
Deliverables
Campaign Metrics Report
Detailed quantitative results: delivery rate, open rate, click rate, credential submission rate, payload execution rate, and report rate — segmented by department, role, location, and email client.
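Computing these rates correctly from raw tracking events needs some care: a recipient who clicks a link three times must count once, and rates should be taken against delivered messages rather than sent ones. The following is an added example (not Intelliroot's reporting pipeline) that aggregates a constructed CSV of tracking events into per-segment funnel counts and rates. The column names, event names and sample rows are assumptions; the `segment` argument lets the same function segment by any column present in the log, such as department or email client.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample tracking log, one row per event (not real campaign data).
SAMPLE_EVENTS = """\
timestamp,recipient,department,email_client,event
2024-05-06T09:00:00Z,a.user@example.com,Finance,Outlook,delivered
2024-05-06T09:01:00Z,a.user@example.com,Finance,Outlook,opened
2024-05-06T09:02:00Z,a.user@example.com,Finance,Outlook,clicked
2024-05-06T09:02:30Z,a.user@example.com,Finance,Outlook,clicked
2024-05-06T09:03:00Z,a.user@example.com,Finance,Outlook,submitted
2024-05-06T09:00:00Z,b.user@example.com,Finance,Outlook,delivered
2024-05-06T09:05:00Z,b.user@example.com,Finance,Outlook,reported
2024-05-06T09:00:00Z,e.user@example.com,Finance,Mobile,delivered
2024-05-06T09:00:00Z,c.user@example.com,IT,Mobile,delivered
2024-05-06T09:10:00Z,c.user@example.com,IT,Mobile,opened
2024-05-06T09:11:00Z,c.user@example.com,IT,Mobile,clicked
2024-05-06T09:12:00Z,c.user@example.com,IT,Mobile,reported
2024-05-06T09:00:00Z,d.user@example.com,IT,Outlook,delivered
"""

STAGES = ("delivered", "opened", "clicked", "submitted", "reported")
RATE_NAMES = {"opened": "open_rate", "clicked": "click_rate",
              "submitted": "submit_rate", "reported": "report_rate"}


def compute_metrics(csv_text: str, segment: str = "department") -> dict:
    """Aggregate tracking events into per-segment funnel counts and rates.

    Each recipient counts at most once per stage, so repeated clicks do not
    inflate the click rate. Rates are fractions of delivered messages. The
    "ALL" key holds the organisation-wide totals.
    """
    # segment value -> stage -> set of recipients who reached that stage
    reached = defaultdict(lambda: {stage: set() for stage in STAGES})
    for row in csv.DictReader(StringIO(csv_text)):
        event = row["event"].strip().lower()
        if event not in STAGES:
            continue  # ignore unknown event types rather than failing the whole report
        recipient = row["recipient"].strip().lower()
        for key in (row[segment].strip(), "ALL"):
            reached[key][event].add(recipient)

    metrics = {}
    for key, stages in reached.items():
        entry = {stage: len(people) for stage, people in stages.items()}
        delivered = entry["delivered"]
        for stage, rate_name in RATE_NAMES.items():
            entry[rate_name] = entry[stage] / delivered if delivered else 0.0
        # Recipients who clicked but still reported the message: a useful signal
        # that reporting habits exist even where the lure succeeded.
        entry["clicked_and_reported"] = len(stages["clicked"] & stages["reported"])
        metrics[key] = entry
    return metrics


def format_report(metrics: dict) -> str:
    """Render the metrics as a fixed-width text table, organisation totals last."""
    header = f"{'segment':<10}{'deliv':>6}{'open%':>7}{'click%':>8}{'submit%':>9}{'report%':>9}"
    lines = [header]
    for key in sorted(metrics, key=lambda k: (k == "ALL", k)):
        m = metrics[key]
        lines.append(f"{key:<10}{m['delivered']:>6}{m['open_rate']*100:>7.1f}"
                     f"{m['click_rate']*100:>8.1f}{m['submit_rate']*100:>9.1f}"
                     f"{m['report_rate']*100:>9.1f}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(compute_metrics(SAMPLE_EVENTS)))
    print()
    print(format_report(compute_metrics(SAMPLE_EVENTS, segment="email_client")))
```

Reporting the clicked-and-reported count alongside the plain report rate avoids penalising the employee who realised their mistake and reported it, which is the behaviour the remedial training aims to produce.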
Executive Susceptibility Summary
Board-ready summary of organisational phishing susceptibility, benchmark comparison against industry peers, trend analysis (for repeat engagements), and strategic recommendations for awareness programme investment.
Email Security Stack Assessment
Technical findings on which email security controls (gateway, URL filtering, sandbox, DMARC) the simulated attack bypassed, with specific remediation recommendations for each gap identified.
Targeted Training Content Package
Custom awareness materials addressing the specific attack scenarios used in the campaign — including scenario walk-throughs, red-flag identification guides, and reporting procedure reminders — ready for immediate deployment.
Technical Remediation Recommendations
Actionable hardening recommendations for your email gateway, Microsoft 365 or Google Workspace security configuration, DMARC policy enforcement, and URL filtering rules based on campaign bypass findings.
Request a Security Assessment
Tell us about your environment and security objectives. We'll design a bespoke assessment and deliver a detailed proposal within 48 hours.