The platform
One platform for the whole phishing program
Simulate, train, and measure human risk in a single workspace. PhishSpot runs realistic phishing campaigns, teaches the people who click, and tracks the full funnel — campaign over campaign, in English and Polish.
Seven areas, one connected workflow
Every area shares the same contacts, sending domains, and reporting — nothing to stitch together.
Phishing simulations
A six-step builder, 48 hand-written templates, and a live HTML editor with merge tags and test sends.
Autopilot
Set an intensity once and PhishSpot keeps the right people trained on a cadence, new hires included — hands-off.
Sequences
Design branching, multi-touch journeys: phish, wait, branch on who opened or clicked, then assign training.
Security training
Deliver a course the moment someone clicks — the teachable moment — with text, video, quiz and interactive blocks.
Reporting & analytics
The full funnel from Sent to Trained, per-person timelines, risk scores and trends you can export.
Deliverability & domains
Managed sending domains with automatic SPF, DKIM and MX, plus whitelist exports so sims reach the inbox.
Integrations & API
Entra directory sync, Microsoft 365 SSO, signed webhooks, a REST API and around 60 MCP tools.
One workspace, the whole program
Contacts, groups, campaigns, courses, domains and reports live together. Give the team the right role and run the entire loop without leaving PhishSpot.
- Shared everything — the same audiences and sending domains feed campaigns, Autopilot and sequences.
- Three roles — Admin, Editor and Member, with per-account isolation for multi-tenant setups.
- Exports built in — reports to PDF, DOCX, Markdown, RTF and CSV, straight from the dashboard.

From empty account to first insight in an afternoon
Five steps every program follows — PhishSpot removes the busywork between them.
- 01
Onboard
Set your account, industry, and phishing-report inbox. Optionally connect Microsoft Entra.
- 02
Build audience
Import contacts by CSV or sync from your directory, then organize them into groups.
- 03
Run
Launch a one-off campaign, an Autopilot program, or a branching sequence.
- 04
Teach
Anyone who clicks gets a course or awareness page — the moment it matters most.
- 05
Measure
Watch the funnel, per-person timelines, and trend lines. Export to PDF or Excel.
48
Ready-to-send templates
Hand-written, 24 EN + 24 PL
2
Languages, end to end
UI, templates, reports & manual
6
Funnel stages tracked
Sent → … → Trained
10
Whitelist export formats
M365, Google, Mimecast & more
What the platform actually gives you
What can I actually do on the platform?
The whole phishing-program loop: build and send simulations, train the people who click, and measure human risk over time. Contacts, sending domains, courses and reports all live in one place.
Do I need separate tools for simulations and training?
No. Simulations, on-click training, sequences and reporting are one platform sharing the same contacts and domains. Nothing to stitch together and no copying data between products.
Is it really bilingual?
Yes. The interface, the 48 templates, the courses, the reports and the full admin manual all exist in English and Polish. The Polish content is written by people, not machine-translated.
Can I run it across multiple client organizations?
Yes. PhishSpot is multi-tenant, with per-account isolation, three roles, and a full REST API plus MCP server — a fit for MSPs and MSSPs running programs at scale.
See the whole platform in action
Book a 30-minute demo and we’ll build a live campaign against a test group with you. Or start a free trial and explore the platform yourself.

