Phishing Simulation Service

Phishing attacks are often the starting point of a breach in business security. OnSecurity's phishing simulation services are phishing tests expertly designed to improve awareness of phishing scams across your organisation. Get your anti-phishing simulation and awareness quote today.

Get Instant Online Quote
Phishing Simulation Reporting Software

The basics

What is a Phishing Simulation Service?

Phishing scams are fraudulent attempts to acquire sensitive information such as credit card details, usernames and passwords. Pretending to be a trusted source through digital communications, typically emails, scammers will convince people to submit information, download malware, and more, usually for monetary gain.

With a phishing test, simulated phishing emails get sent to staff across your organisation. The emails act like phishing emails to get your employees to click links, enter passwords and perform other actions often requested by phishing emails. The test's purpose is that staff can make mistakes, fall for simulated phishing emails, and learn from their mistakes in a safe environment without the drastic consequences of a phishing scam.

OnSecurity Magnifying Glass
Network Penetration Test Reporting

Testing Benefits

What are the benefits of a Phishing Simulation Service?

Phishing scams can be extremely damaging to individuals and your business. Your staff must stay vigilant and aware of the latest phishing scams. Due to this, we can send emails annually or periodically throughout the year to maintain constant awareness of the threat of phishing scams.

We also offer 'spear-phishing', a phishing attack targeted at high-value targets like C-level execs, executive PAs and other people high up within your organisation. These high-value targets must be particularly wary of scams as they often have access to the most sensitive information. They pose the most significant risk to your business's cyber security.

Phishing scams are unique in that the weakest link in your security when it comes to them is not passwords, firewalls or outdated software but the people within your company. A phishing test will;

  • Assist your team in learning to identify, avoid and report phishing emails
  • Increase awareness of phishing emails and scams

Basic Phishing

Basic Campaigns

Basic phishing campaigns will send a specially crafted phishing email to an email or emails of your choice. This specially crafted email will contain a tracker and a link to a blank website. Once emails are issued to the target emails, OnSecurity will then log whether the recipients;

  • Open the email.
  • Follow the web link in the email to the blank website.

We will then generate a full report detailing which users opened the email and followed the web link.

Basic Phishing
Phishing Email Envelope

Intermediate Level Phishing

Intermediate Campaigns

Intermediate phishing campaign will again send a specially crafted phishing email with a tracker and a link to a website. However, in this instance, the website will be a specially crafted page simulating a legitimate service, such as a user login or data entry area. Once emails are issued to the target emailsOnSecurity will then log whether the recipients;

  • Open the email
  • Follow the web link in the email
  • Enter any credentials or data in the specially crafted web page

We will then generate a full report detailing which users opened the email, followed the web link and entered any data on the website.

Advanced Phishing

Spear Phishing

Advanced email phishing service will be a more targeted attack against specific individuals/emails. The advanced phishing emails will contain:

  • Malicious payloads or links to OnSecurity websites hosting malicious payloads

This test aims to obtain remote code execution access on the targets and thus indicate full compromise of the victim's device.

Once this access is obtained, OnSecurity will inform the client and await further guidance on whether to use this access to target the corporate network further.

Spear Phishing Email Envelope
CREST Penetration Testing Logo

CREST Registered - CREST Certified

Are you CREST Certified?

OnSecurity is a CREST (Council of Registered Ethical Security Testers) approved vendor. This means that CREST has externally vetted all our test methodologies, processes, policies and procedures to ensure we are operating to the highest standards possible in the pentesting industry.

On top of this, most of our testers are CREST certified, meaning they have been through a CREST assault course (or CREST-recognised equivalent) to ensure they have the requisite skills needed to find and exploit vulnerabilities in a safe and controlled manner.

This external validation means you can be confident your pentests are being carried out to the highest standard by vetted and tested consultants who use a best-in-class manual-first approach to testing.

Getting Started

How do I book a Phishing Test?

To book a phishing test, you can get a free online quote or you simply need to get in touch with our team. You can do this by calling us on +44 (0) 20 3289 6710 or email us on

Get A Quote
Question Speech Bubble


Our Services Area

Web Application Testing

Make sure hackers can’t steal data via your main web app, and protect your app users.

Read More

Mobile Application Testing

Android, iOS and cross platform we test them all.

Read More

Cloud Security Testing

Make sure your deployments are secure - including AWS, Azure and GCP.

Read More

External Infrastructure Testing

Test to see how your external IT perimeter would hold up against intruders.

Read More

Internal Infrastructure Testing

See what hackers can do once they are inside your network.

Read More

Phishing Simulation

32% of breaches involve phishing, test to make sure you’re not next.

Read More

Physical Penetration Testing

Office blocks, factories and power plants - if it has a door we can test it.

Read More

Social Engineering

Grabbing sensitive information over the phone or via email - you’ll be suprised what attackers can get

Read More

Need A Hand?

Get In Touch