Our services


  • Virtual Risk Officer (VRO) feature, provides insight and actionable metrics that will allow you to understand the attack surface of your organization, and learn what users might be more vulnerable to a phishing attack. VRO provides dynamic risk scores, assigned to users, groups, and your organization as a whole, which enable you to make data-driven decisions when it comes to your security awareness plan and understand what users are the most susceptible to a phishing attack.
  • Industry Benchmarking feature lets you compare your organization’s Phish-prone percentage™ with other same-size organizations in your space
  • Initial free Phish-prone percentage test for 100 users (more on request)
  • Year-round all-you-can-eat simulated phishing attacks
  • Unlimited yearly use of all phishing templates
  • We create regular “Current Events” templates you can send to users
  • Set-it-and-forget-it scheduling of phishing campaigns
  • Full library with 4,000+ successful phishing templates
  • Easily create your own templates
  • Community Templates: share and use other people’s phishing templates
  • Customizable phishing attacks
  • Customizable landing pages
  • Phishing Security Test email reports sent to admin at the end of a phishing campaign
  • “Anti-prairie dog” campaigns which send random templates at random times
  • Ability to skip weekends in campaigns and assign time zone and working hours
  • New Office templates with macros to simulate ransomware attacks
  • GEO-location – See where your simulated phishing attack failures are on a map, with drilldown capability and CSV-export options.
  • Ability to create templates that emulate spoofed CEO Fraud attacks
  • Automatic “Scam Of The Week” Campaign – sent to all employees
  • Social Engineering Indicators™ patented technology turns every simulated phishing email into a tool you can use to dynamically train employees by instantly showing them the hidden red flags they missed within that email
  • USB Drive Test™ allows you to test your user’s reactions to unknown USBs they find
  • Targeted spear-phishing campaigns, replace fields with personalized data
  • “Click Only” and traditional Data Entry of sensitive information (credentials)
  • Customized scenarios based on public and/or personal information
  • Tests for opening MS Office Attachments: Word, Excel, PPT, and PDF (also zipped) and also HTML attachments
  • Variable phishing campaign length, max six months
  • Summary Information about all phishing campaigns
  • Free Phishing Attack Surface – analysis of emails belonging to your domain
  • Phish-Prone Percentage Comparison for different user groups
  • Program trend reporting
  • Vishing Security Tests using IVR attacks over phone (Gold level on up). Supports US and International, both pre-recorded messages and text-to-speech campaigns using system templates or admin-customized templates. 
  • Customizable “hover-links” when a user “mouse-overs”
  • Multi-domain accounts for admins or MSPs who manage multiple organizations (no extra charge)
  • Top 10 Criminal Phishing Emails of the week – defanged and ready to send to employees

Frequently Asked Questions

Phishing is a common type of scam used to elicit confidential, lucrative, and/or sensitive information. Most often, phishing comes in the form of emails appearing to be sent from a trustworthy company or person but containing malicious links, requests for information, or harmful attachments. Some links in phishing emails contain malware which, if clicked, will install malware onto your device that can monitor your computer’s keyboard. These recordings capture information such as passwords or credit card numbers and then relay that data to identity thieves.

You should protect all sensitive and confidential data

Spam is electronic junk mail or, more broadly, unsolicited sales emails. Spam differs from phishing because spam emails will not request sensitive or confidential information; rather they will attempt to sell you an item, service, or subscription.

No, scammers also utilize phone calls, SMS texts, and social media sites to trick you into giving up sensitive and confidential information.

  • If you receive a request in which you are asked for confidential information, do not reply or click links or attachments.
  • Remember that neither USC nor ITS will ever request that you submit personal information, including any passwords, over email.
  • Never provide confidential information or documents through email. Always call or provide this type of information in person, when possible.
  • If in doubt about an email, call the company/individual directly to verify. Be sure to call the phone number listed publicly online (if applicable). Do not use any phone numbers listed in messages sent to you.