Simulate the Attack Before an Attacker Does
Send controlled phishing campaigns from templates, see exactly who clicks, and turn each failure into targeted training. AgentFence makes phishing simulation part of a measurable human-risk loop.
Illustrative product view
Why simulate phishing
Phishing remains the most reliable way into an organization, and the only honest way to know your exposure is to test it. AgentFence runs phishing simulations from a template library (/api/v2/human-risk/phishing/templates) as managed campaigns (/phishing/campaigns), measures who clicks, and feeds the results into the human-risk scorer so the exposure becomes a number you can drive down.
How a campaign works
Run a simulation
- 1
Pick a template
Choose a lure from the template library - invoice, password reset, shared-file.
- 2
Target a cohort
Send the campaign to a team or the whole org.
- 3
Measure
Track who opens, clicks, submits credentials, or reports the phish.
- 4
Assign training
Route clickers to targeted awareness training automatically.
- 5
Re-test
Run again to confirm the click rate is falling for the trained cohort.
What you learn
| Behavior | Signal | Response |
|---|---|---|
| Opened only | Low concern | No action |
| Clicked the link | At risk | Assign training |
| Entered credentials | High risk | Priority training + follow-up |
| Reported the phish | Good behavior | Reinforce |
How it connects
Phishing simulation is the test half of the human-risk loop; security awareness training is the fix half. Campaign results feed the human-risk score, clickers are auto-assigned targeted modules, and the falling click rate becomes evidence that your human-risk program is working.
Frequently asked questions
What is phishing simulation?
Phishing simulation sends controlled, fake phishing emails to employees to measure who would fall for a real one. AgentFence runs campaigns from a template library, tracks who opens, clicks, or submits credentials, and feeds the results into a human-risk score so exposure becomes measurable and improvable.
What happens when someone clicks a simulated phish?
The click is recorded as a risk signal and the user can be auto-assigned targeted awareness training. Someone who enters credentials is treated as higher risk and gets priority training and follow-up, while someone who reports the phish is recognized for good behavior.
How does phishing simulation reduce risk?
It closes a loop: simulate an attack, identify who is vulnerable, assign targeted training, then re-test. Because you measure the click rate each round, you can see it fall over time for trained cohorts - turning phishing risk into a metric you actively manage.
Can I target specific teams?
Yes. Campaigns can be sent to a specific cohort - say Finance for an invoice-lure template - or the whole org. Targeting lets you test the teams most exposed to a given lure and tailor follow-up training to them.
Stay in the loop
One practical finance briefing a week - new guides, checklists, and benchmarks.
Test your phishing exposure
Run campaigns, measure the click rate, and drive it down with targeted training.
Talk to us