Skip to content

The platform

One platform for the whole phishing program

Simulate, train, and measure human risk in a single workspace. PhishSpot runs realistic phishing campaigns, teaches the people who click, and tracks the full funnel — campaign over campaign, in English and Polish.

Capabilities

Seven areas, one connected workflow

Every area shares the same contacts, sending domains, and reporting — nothing to stitch together.

Phishing simulations

A six-step builder, 48 hand-written templates, and a live HTML editor with merge tags and test sends.

Autopilot

Set an intensity once and PhishSpot keeps the right people trained on a cadence, new hires included — hands-off.

Sequences

Design branching, multi-touch journeys: phish, wait, branch on who opened or clicked, then assign training.

Security training

Deliver a course the moment someone clicks — the teachable moment — with text, video, quiz and interactive blocks.

Reporting & analytics

The full funnel from Sent to Trained, per-person timelines, risk scores and trends you can export.

Deliverability & domains

Managed sending domains with automatic SPF, DKIM and MX, plus whitelist exports so sims reach the inbox.

Integrations & API

Entra directory sync, Microsoft 365 SSO, signed webhooks, a REST API and around 60 MCP tools.

One workspace

One workspace, the whole program

Contacts, groups, campaigns, courses, domains and reports live together. Give the team the right role and run the entire loop without leaving PhishSpot.

  • Shared everything — the same audiences and sending domains feed campaigns, Autopilot and sequences.
  • Three roles — Admin, Editor and Member, with per-account isolation for multi-tenant setups.
  • Exports built in — reports to PDF, DOCX, Markdown, RTF and CSV, straight from the dashboard.
platform.phishspot.com/dashboard
One workspace, the whole program
How it works

From empty account to first insight in an afternoon

Five steps every program follows — PhishSpot removes the busywork between them.

  1. 01

    Onboard

    Set your account, industry, and phishing-report inbox. Optionally connect Microsoft Entra.

  2. 02

    Build audience

    Import contacts by CSV or sync from your directory, then organize them into groups.

  3. 03

    Run

    Launch a one-off campaign, an Autopilot program, or a branching sequence.

  4. 04

    Teach

    Anyone who clicks gets a course or awareness page — the moment it matters most.

  5. 05

    Measure

    Watch the funnel, per-person timelines, and trend lines. Export to PDF or Excel.

48

Ready-to-send templates

Hand-written, 24 EN + 24 PL

2

Languages, end to end

UI, templates, reports & manual

6

Funnel stages tracked

Sent → … → Trained

10

Whitelist export formats

M365, Google, Mimecast & more

Questions

What the platform actually gives you

What can I actually do on the platform?

The whole phishing-program loop: build and send simulations, train the people who click, and measure human risk over time. Contacts, sending domains, courses and reports all live in one place.

Do I need separate tools for simulations and training?

No. Simulations, on-click training, sequences and reporting are one platform sharing the same contacts and domains. Nothing to stitch together and no copying data between products.

Is it really bilingual?

Yes. The interface, the 48 templates, the courses, the reports and the full admin manual all exist in English and Polish. The Polish content is written by people, not machine-translated.

Can I run it across multiple client organizations?

Yes. PhishSpot is multi-tenant, with per-account isolation, three roles, and a full REST API plus MCP server — a fit for MSPs and MSSPs running programs at scale.

See the whole platform in action

Book a 30-minute demo and we’ll build a live campaign against a test group with you. Or start a free trial and explore the platform yourself.