Graduate to PhishLine

It’s time to take your information security to an entirely new level

〉The most powerful phishing simulation platform available today





“Click here immediately to update your account information or your funds will be frozen.”







The PhishLine platform provides the most advanced features of any phishing simulation tool available on the market today. This powerful combination of technology and data allows you to:

  • Reduce the chance of social engineering attacks being successful.
  • Assess risk across your company.
  • Measure the effectiveness of your risk reduction efforts.

Learn how PhishLine’s advanced features can increase efficiency, reduce frustration, and provide needs specific results:


Address Book Utility

Get out of the address book management business. Quickly merge, purge, copy, reorganize, and remove duplicates from your address books.



Advanced Campaign Scheduling

Schedule long-term campaigns based on the day of the week and hour of the day with respect to global or target-specific time zones. For example, employees all over the world can receive emails during their business hours, only on weekdays, or over a set number of weeks, within a single campaign.


Advanced Campaign Targeting

There is no need to create multiple address books to generate defined campaigns. If you want to target a specific division, country, language code, time zone, or any other attribute, you may do so by applying filters right within the campaign scheduling interface.


Approval Workflow

PhishLine can help you ensure your corporate workflow and quality control processes are followed. You can assign approval rights to individuals to move campaigns into “Live” status.



Custom Address Book Attributes

Enjoy the ability to leverage extended attributes within your address books.  Make it easier for new or additional users to understand how your organization uses your instance. Customize phishing campaigns for specific groups or threats.

  • Assign custom labels and help text for address book attributes.
  • Use any attribute to schedule campaigns.  
  • Perform analysis based on any attribute or group of attributes.

Customer Awareness Domains

PhishLine can be used for more than mock-phishing campaigns. We support training and survey capabilities, too. However, alert employees sometimes refuse to click links embedded in invitation emails because they point to an external domain. To solve this problem, we support the use of “Customer Awareness Domains.” When sending out invitations, the system can replace the standard invitation links with links to a custom subdomain that you control.


Customer Owned Mail Servers

PhishLine supports sending emails from a valid email account on your corporate email server. This allows you to track user interactions with mail sent from your organization. The most common supported scenarios are sending:

  • Training invitations so your users can confidently click on the training link without thinking it is a phishing attack.
  • Information security announcements with verification that they were opened.
  • A simulated phishing attack from a “compromised” internal account.

Data Loss Prevention (DLP) Activation Strings

Embedding white-text within campaign emails and portable media campaigns can help you determine if messages are leaking out of your organization. With PhishLine’s first-in-the-industry DLP Activator, there’s no need to hack it in; we make it easy to manage with a simple checkbox.



Form Data Privacy and Profiling

What types of sensitive information are your users releasing to the wild? PhishLine’s patented method of protecting your private data is unmatched in any global phishing platform. Our secure, encrypted, system allows you to:

  • Ask users to submit form data on an unencrypted web page without sending their responses over the Internet.
  • Capture the fact that a password was entered without actually capturing the password.
  • Profile the types of information your users are entering without actually capturing the data itself.

GPS Testing

Spear phishers would love to know where to target your users. Can they visit a particular coffee shop to learn passwords or trade secrets? Find out if your users are sharing their locations on unknown web pages. We provide an optional test that can protect the privacy of your users while measuring their susceptibility to location-based social engineering attacks.


Highly Variable Campaigns

The most advanced attackers don’t send the same email to everyone in your company at the same time.  So, why should your phishing solution be limited to one test at a time? Our patented system allows for multiple combinations of email templates, landing pages, email account senders, and web server domains within a single campaign.

This enables unprecedented A|B tests which can be used to evaluate a risk-based hypothesis.  For example, you can determine if users are more likely to click on a simple text-only campaign or a highly formatted “marketing slick” style campaign.

Utilizing highly variable campaigns also helps train your users to recognize real-world techniques rather than just identifying a handful of mock phishing templates.


HTTPS/SSL Landing Pages

Do your users know the difference between secure and unsecure web pages? It is easy to find out by using HTTPS landing page servers instead of just HTTP for your phishing campaigns. Some common scenarios include:

  • You want the security of HTTPS on a landing page that collects information. This standard protection is provided in addition to our patented technology to limit what is collected on the HTTP-only forms.
  • You want to test if user behavior changes when interacting with HTTPS vs. HTTP landing pages.
  • You want to test if user behavior changes when interacting with HTTPS pages with recognized Certificate Authority (CA) authorized certificates vs. HTTPS pages with mismatched certificates.

Image Embedding/Linking

Are your users more likely to fall victim to an attack if they see images within an email? You can find out in the click of a checkbox with PhishLine.  Our image embedding/linking solution means users don’t have to manually download images once the email arrives.  You can imbed images as attachments or links to images within your email template.


Local IP Detection

Track the local IP address of a browser to help identify a particular machine within your environment with the click of a checkbox. PhishLine helps you secure your network beyond the human factor. We can identify software and browser vulnerabilities, so knowing which machine was used will help your technical staff harden your environment. Identifying the locations from which your network was accessed can help you determine if unauthorized users are attacking from remote sites. Local IP detection is especially useful for identifying machines used with portable media campaigns.


Multi-Factor Authentication

You can expect mature, enterprise-level, technical controls as standard operating procedures with PhishLine. Administrator logins require multi-factor authentication to help keep your campaign information safe.


Privacy Features

PhishLine provides the highest level of innovative privacy controls that are trusted by organizations worldwide. For example, our Anonymizer and Purger features allow you to securely manage individual privacy while maintaining group-level metrics.


Planning Module

Set your objectives, goals, or hypotheses.  Identify stakeholders and constraints.  You can professionally manage formal risk-based observations, including management responses and remediation.  


Risk Scoring

Do you need world-class risk analytics? You can assign point values to various events for risk-based analysis and gamification purposes.



Single-Pop Landing Pages

Single-Pop landing pages allow you to add a pop-up alert message when users try to leave a page without performing a required action, such as clicking on a training link or submitting a form.  For example, after the user clicks on the landing page, they:

  • Click on a training link or submit a form on the page. They would not receive a pop-up.
  • Try to click the “back,” “forward,” “reload/refresh,” or “close” buttons on the browser, or they type in a new URL on the address bar.  They would receive your custom pop-up message, and the browser would give them a choice to continue or return to the landing page.

Technical Profiling

Technical Profiling is the process by which a landing page asks the browser to share information about installed plugins and other technical capabilities so data can be displayed correctly. For example, a landing page typically can identify if a browser has the latest version of Acrobat, Flash, or Windows Media Player. Knowing the version information allows your technical team to harden your network from the back end.

The detection logic quietly works in the background and does not affect the functionality of the landing page content.  PhishLine has multiple engines that can be used for technical profiling. You can enable or disable the feature on each landing page.



Technical Vulnerability Profiling

PhishLine’s patented technology establishes an educational picture of known vulnerabilities based on the technical profile of the user’s machine.   While it is not meant to replace a traditional vulnerability assessment tool, it is amazing what you can learn about your technical environment once a user clicks on a link.

The important twist is to put this in the context of end-user security awareness – phishers and social engineers can learn this information about the user’s machine as well.  Technical Vulnerability Profiling can also help your technical team harden your network from the back end.


Time-Based Tagging

Phishers rely on urgency to get users to respond. You can embed advanced custom dates or times within your email templates based on the time each email is actually sent.  You can customize the format and time zone within the template.  You also can specify times that are relative to the email send time.

“Please call the above number in the next two hours, which is 2:43 pm EDT or 1:43 pm CDT.”

“Please complete your training no later than next week Tuesday at Noon (12:00 CDT November 14).”


Tiny Domains and URL Shortener

PhishLine allows you to use the type of URL most appropriate for your campaign.  Is a standard URL needed to see if your users are able to identify the real link source?  Or do you need to use the shortest domain name or URL possible?  PhishLine’s solution allows you to:

  • Control the domains and enable the URL shortener on a case-by-case basis.
  • Increase the engagement rate for non-traditional portable media campaigns, such as print campaigns. If the user has to type a URL, a shorter one is much easier.
  • Test the hypothesis that users are more likely to click on shorter links in a campaign versus longer.


X-Headers allow you to identify your email in specific ways.  For instance, an X-Header would allow your help desk to quickly identify a user-reported phishing email as a campaign email versus a real attempt. You may set customized X-Headers to be sent with every outbound email. Adding a custom heading allows you to further optimize your campaigns.


World’s Best Reporting

Not only do we collect more information than you would expect, we also have the most advanced reporting capabilities available.  With over 15,000 data points, PhishLine allows you to determine what information is of value to your organization. Our dedicated and knowledgeable support team will help you organize data into easily understood formats. Let PhishLine help you secure your human and mechanical resources from phishing and social engineering threats.