Case Study – Phishing Simulator


We have previously written about how phishing attacks are rising, increased risks that working from home bring and shared with you a google quiz test to see if you can spot Phishing bait. Today we are going to share a case study of how we have helped Client X by setting up a phishing simulator and associated reports (identity hidden for security reasons).


Phishing is an entry point for ransomware attacks and is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details. Typically carried out by email spoofing, it often directs users to enter personal information on a fake website, the look and feel of which are identical to a legitimate site.

Every employee is a potential phishing target - from CEO's and finance teams who are the gatekeepers of corporate funds, HR and legal teams who deal with personal data and bank account details, IT staff who have access to sensitive information and administrators who often assist the whole business.

Client X is ISO27001 registered.  ISO27001 is an international standard on how to manage information security.  It confers certain obligations onto its members and therefore Client X has strict procedures and practices to follow.

Client X holds valuable customer data and has an obligation to be as secure as possible.  Shadowfax strongly recommend using a anti-spam/anti-virus and anti phising product such as Barracuda to all of our clients.  Due to ISO27001 requirements Client X needed extra protection.

Client X needed to regularly simulate phishing attacks and have reports on how staff reacted to them - would anyone be complacent and click the bait?!



Shadowfax set up a regular 2 monthly schedule which included monthly phishing simulation and monthly reporting stating which, if any, staff clicked on bait and how staff generally reacted to the email - by tracking the those who deleted it and those who forwarded it.  The phishing simulation is regularly conducted to keep a close check on the staff to swiftly identify any shortcomings to aid in identifying who would benefit from additional training and where this training needed to focus.

Prior to any phishing training the average company has a phishing attack failure rate of 40% though this does vary per industry.  90% ransomware attacks and data loss start with a phishing attack therefore it is very important to put software in place to prevent and also incorporate regular training of those using the emails.


Get in touch





Your trusted IT partner








Taking care of business





Our packages


Although we know each business has different needs, we have put together our most common support packages so you can get an idea of the support we can offer.



We can also tailor packages to suit particular needs. Please call if you would like to talk about a slightly different mix of services/products and we will be happy to help.


Enables businesses to sit back and relax whilst we take care of all your IT requirements.

Discover more >



A fully-managed outsourced IT helpdesk with a few useful added extras.

Discover more >



Unlimited report support and 2hrs onsite support/mth, as well as annual asset reports.

Discover more >



Everything you need to support up to 10 users with unlimited remote support from our helpdesk.

Discover more >


IT Support

Shadowfax delivers the right level of IT support to suit clients’ needs, from fully- outsourced to a cherry-picked collection of services to bolt onto your in-house team.

Read more
Cloud Services

Whether your business needs complete cloud, or more of a hybrid cloud approach, we’re here to support any requirement from end to end.

Read more
Backup & Recovery

We offer secure platforms for complete data backup and server imaging with managed monitoring and recovery.

Read more
Professional Services

Whatever your active or future project demands are, we have the expertise, certifications and experience to provide you with the consultancy you need.

Read more
Data Security

We offer a variety of solutions for professional data security practices to suit all requirements and budgets.

Read more
Comms & VoIP

Shadowfax can deliver and manage a range of telephony, VoIP & communications solutions from analogue telephone lines to fibre-leased lines.

Read more
Hardware & Software

Shadowfax supply a comprehensive range of hardware & software solutions ranging from end-user devices such as PCs & tablets to servers.

Read more
Essential Infrastructure

We supply the back-bone IT infrastructure that allows us to deliver competitive, cutting- edge solutions for security, networking and wireless.

Read more