CanIPhish: The Free Phishing Email Simulator

Choose from 80+ phishing emails in 70+ languages in a virtual and interactive phishing email simulator.


What Is A Phishing Email Simulator?

Phishing email simulators typically provide users with the ability to view, modify, and deliver phishing material to a target. At the time of delivery, dynamically generated data is injected into the emails to personalize the email and payload to each unique target. This could include recipient information but also phishing payloads such as a unique phishing link or attachment.

How Does This Phishing Email Simulator Work?

This phishing email simulator provides an interactive experience showing how a phishing email would look before actually delivering it. This is done by creating a virtualized inbox within your web browser, simulating the look and feel of the real thing. To get started, simply select an email, select a language, and then modify the first name, last name, email address, company, and job title to include any information you want.


Select An Email
Select A Language

Note: Click the links and attachments to see what an employee would see!

Understanding Each Component Of A Phishing Email

Each phishing email is made up of 4 distinct components: The sender address, the email subject, the email body, and finally, the payload.

The Sender Address

This is who the email appears to come from. It’s one of the first things a recipient sees, and it needs to match the theme of the phishing email.

For example, if you’re sending a phishing email that’s masquerading as a bank, the sender address should use a display name that includes the bank's name, and the email address should either use a lookalike domain, obscure domain with a lookalike local-part address or even spoof the domain if possible.

The Email Subject

Alongside the sender's address will be the email subject. The subject needs to match what’s in both the sender's address and email body.

For example, if the phishing email is meant to be a notification from a bank, the sender address may include the keyword “Notification” somewhere in the display name, while the email subject may include themes of that keyword throughout.

The Email Body

Once a recipient has clicked on the email, it’s time for the email body to do its work. The email body needs to entice the recipient to perform some action, such as clicking on a link or downloading an attachment.

To entice the recipient, the email body will typically include urgency while also exuding legitimacy. On the surface, the email body needs to give the recipient no reason to question its legitimacy. The email body should include elements of personalization, use of logos, and official wording.

The Payload

This can be an attachment, a link, or even simply a response.

This is where the phish actually takes hold. Everything about the sender address, subject, and email body is focused on the recipient interacting with the payload. Once interacted with, the phishing email is considered a success and the recipient is deemed to be compromised.

How Does CanIPhish Help?

At CanIPhish, we utilize all 4 components to create phishing bundles. You simply select from one of our 75+ bundles, provide the target list, and schedule your campaign. If you'd like to send out a simulated phishing test and train your employees, simply sign-up for free and get started!