A Free Phishing Simulator. Automated & Gamified.
We've seen first-hand how legacy vendors make it difficult to set up simulated phishing and security awareness training. That's why the team at CanIPhish has focused on creating a platform that removes complexity and empowers our customers.
A Self-Service Cloud Platform
- Free Phishing Simulations - CanIPhish provides its training and phishing simulator free of charge under a perpetual free tier.
- Integrated eLearning Platform – Run standalone security awareness training campaigns or auto-assign micro-learning to employees who fall for phishing emails.
- Realistic Phishing Templates – Build your own templates or choose from our regularly updated global and locally-themed phishing websites and email templates.
- Advanced Real-Time Reporting - Track campaigns in real-time, schedule reports, track trends, and much more...
- Multi-Language Content - Seamlessly translate phishing and training content to one of 75 supported languages.
Create An Account
Simply provide your email address, name, and company to access our free tier. No credit cards are necessary!
Upload Your Employees
Upload the email addresses of employees you'd like to train with both manual and automated data imports available.
Send Phishing & Security Awareness Campaigns
Schedule your first simulated phishing and security awareness training campaign. See our public demo!
Phish, Train and Improve
Track employee compromises, reported phishing, training assignments, and employee risk from a single unified console.
- Employee Risk Scoring - Identify employees at a low, medium, and high risk of phishing.
- Report Phish Plugins - See which employees report suspected or simulated phishing.
- Phishing Statistics – Track phishing email opens, links clicked, credentials compromised, and attachments opened.
- Training Statistics – Track employee training that has been assigned, completed or are overdue.
Free Phishing Tools. All In One Place.
Leverage our library of micro-learning training courses to quickly and efficiently train your employees!
Take control of your phishing campaigns with customizable phishing emails, websites, sender profiles and delivery frequencies.
Ticket, chat, email, and phone support available. Additionally, get the most out of CanIPhish with our comprehensive knowledge base.
Gain full access to the ever evolving library of phishing emails and websites that CanIPhish maintains.
Our highly dynamic platform enables you to use either our hosted mail and web servers or your own.
Whether you’re an enterprise looking to train users, a red teamer conducting a penetration test, or a hobbyist, we have you covered.
Have Questions? We Have Answers.
CanIPhish was founded under the belief that every business should have access to the tools needed to train their staff against cyber threats. To support this goal, CanIPhish offers a perpetual free tier designed to help the needs of small businesses and startups.
While we offer a perpetually free phishing simulator, we also provide paid subscription options for large customers or those needing a more tailored training experience. It's through our paid customers that we're able to subsidize and offer our perpetual free tier.
Customers operating in the free tier have two restrictions applied. These restrictions include:
- A limit on the number of employees who can be trained on a monthly basis. This limit is set to 10 employees.
- A limit on specific phishing and training material. Approximately half the phishing emails and training modules in CanIPhish libraries are limited to paying customers.
CanIPhish uses three techniques to make phishing emails appear realistic.
- We continuously monitor emerging cyber threats and analyze the tactics, techniques, and procedures used. We then modify our existing library or add new phishing content based on analyzed activity.
- We take advantage of real-world misconfigurations to support domain spoofing. If a customer, supplier, or partner uses a domain vulnerable to spoofing, you can abuse this in phishing tests to add an additional layer of realism.
- Every phishing email in our library has some form of secondary action getting tracked. This is supported through the tracking of email responses, tracking of phishing website clicks, and the opening of email attachments. This is designed to replicate the workflow of a real-world phishing attack.
No. CanIPhish provides all the infrastructure and phishing content needed to conduct phishing tests. We provide hosted email servers and phishing websites. We additionally support the use of third-party infrastructure if you need complete control over email delivery or website interaction tracking.
The team at CanIPhish has developed an entirely self-service platform. We empower our customers through an easy-to-use platform that contains detailed knowledge base articles and video walkthroughs. You can sign up for free, evaluate the platform, review our public pricing, and upgrade your subscription without interacting with a sales representative.
A Fully Featured Free Phishing Simulator.
- 75+ Phishing Emails - Themed against popular services that employees use day-to-day.
- Completely Multi-Lingual – Each phishing email is available in 74 different languages and can be seamlessly converted on a campaign-by-campaign basis.
- Spoof Domains – Abuse real-world misconfigurations to spoof domains and an additional layer of realism to phishing campaigns.
- Fully Customizable - Modify the email subject, body, sender profile, payload and insert variables to dynamically populate information at the time of sending (e.g. first name, last name, etc.)
Employees Receive Phishing
Phishing emails entice employees to perform an action that will ultimately harm themselves or the business they work for.
Employees Interact With The Phish
By opening the malicious attachment, entering their credentials into the phishing website or simply responding to the email.
Employees Receive Educational Training
In the form of micro-learning training modules that are assigned and designed to be completed in 5-10 minutes.
Curious what an employee will see when you send a phish? Take a look at our email inbox simulator.
Train your employees by sending them real-world phishing material and tracking payload interactions.