Phishing Email Simulator (A Virtual Inbox In Your Browser)

Choose from 70+ phishing emails in 70+ languages in a fully virtualized email inbox in your web browser.



Note: Click the links and attachments to see what an employee would see!

What Is A Phishing Email Simulator?

A phishing email simulator is a tool that lets you interact with phishing emails without the need to deliver them to a recipient inbox. This is done by creating a virtualized inbox in a web browser, simulating the look and feel of the real thing.

Additionally, a phishing email simulator needs to provide the ability to dynamically modify information that would be injected at delivery time. This could include recipient information such as a first name, last name, or job title, but also phishing data such as a unique phishing link, phishing attachment, or other form of payload.

How Does This Tool Work?

The team at CanIPhish developed this phishing email simulator to provide you with an interactive experience to see how a phishing email would look before actually delivering it. Each simulated phishing email is made up of 4 distinct components.

The Sender Address

This is who the email appears to come from. It’s one of the first things a recipient sees, and it needs to match the theme of the phishing email.

For example, if you’re sending a phishing email that’s masquerading as a bank, the sender address should use a display name that includes the bank's name, and the email address should use a lookalike domain, use an obscure domain with a lookalike local-part, or even spoof the domain if possible.
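Seen from the receiving side, each of those sender-address patterns leaves a different trace in the From header. The following is an added example, not CanIPhish code, that labels a header accordingly. The brand inventory, the `.example` domains, the label names and the `dmarc_pass` input (the receiving server's DMARC verdict) are all assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed inventory (assumption): brand keyword -> domains it really sends from.
BRANDS = {"examplebank": {"examplebank.example"}}


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def squash(text):
    """Lowercase and drop punctuation so 'Example Bank' matches 'examplebank'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def classify_sender(from_header, dmarc_pass):
    """Label a From header; dmarc_pass is the receiver's DMARC verdict for it."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    for brand, legit in BRANDS.items():
        if domain in legit:
            # Exact domain: only authentication separates real mail from a spoof.
            return "legitimate" if dmarc_pass else "spoofed-domain"
        if any(edit_distance(domain, d) <= 2 for d in legit):
            return "lookalike-domain"
        if brand in squash(local):
            return "lookalike-local-part"
        if brand in squash(display):
            return "display-name-mismatch"
    return "no-brand-claim"


if __name__ == "__main__":
    # Constructed sample headers, one per sender-address pattern.
    for header, dmarc in [
        ('"Example Bank Notification" <alerts@examp1ebank.example>', False),
        ('"Example Bank" <examplebank-alerts@mail-svc.example>', True),
        ('"Example Bank" <alerts@examplebank.example>', False),
    ]:
        print(classify_sender(header, dmarc), "<-", header)
```

Reviewing a simulated email against these labels shows which sender pattern a template exercises and whether existing mail filtering would already flag it.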

The Email Subject

Alongside the sender's address will be the email subject. The subject needs to match what’s in both the sender's address and email body.

For example, if the phishing email is meant to be a notification from a bank, the sender address may include the keyword “Notification” somewhere in the display name, while the email subject may include themes of that keyword throughout.

The Email Body

Once a recipient has clicked on the email, it’s time for the email body to do its work. The email body needs to entice the recipient to perform some action, such as clicking on a link or downloading an attachment.

To entice the recipient, the email body will typically include urgency while also exuding legitimacy. On the surface, the email body needs to give the recipient no reason to question its legitimacy. The email body should include elements of personalization, use of logos, and official wording.

The Phishing Payload

This can be an attachment, a link, or even simply a response.

This is where the phish actually takes hold. Everything about the sender address, subject, and email body is focused on getting the recipient to interact with the payload. Once the recipient interacts with it, the phishing email is considered a success and the recipient is deemed to be compromised.

How Can CanIPhish Help?

At CanIPhish, we utilize all 4 components to create phishing bundles. You simply select from one of our 70+ bundles, provide the target list, and schedule your campaign. If you'd like to send out a simulated phishing test and train your employees, simply sign up for free and get started!