Phishing Simulation Add-on

Find Out Who Would
Click Before
Hackers Do

SecureAZ sends realistic phishing emails to your team automatically — monthly or quarterly. You see exactly who's at risk. Anyone who clicks gets instant remedial training. Set it once and forget it.

Start Free Trial → See Pricing

Add-on from NZ$29/mo · flat rate · any team size · included free on Scale plan

Why phishing simulation matters
91%
of cyberattacks start
with a phishing email
30%
of untrained staff click
simulated phishing emails
less likely to click after
regular phishing training
50+
NZ & AU localised
phishing templates
Set and forget. Configure once — we auto-select templates, schedule sends, track clicks, and enrol clickers in training automatically.

How It Works

Four Steps. Zero Admin After Setup.

Configure once and the platform handles everything forever — scheduling, template selection, sending, tracking, and remedial training.

1

Configure Once

Choose monthly or quarterly frequency. Pick your country (NZ, AU, or US) for localised templates. Enable auto-selection or hand-pick from 50+ templates. Done.

2

We Send the Bait

SecureAZ sends a realistic phishing email to every person in your organisation at a random time during business hours — from dedicated domains with proper DKIM/SPF authentication so it lands in the inbox.

3

We Track Who Clicks

Opens, clicks, credential submissions, and reports are all tracked per recipient. Anyone who clicks sees a branded "You've been phished" education page showing exactly which red flags they missed.

4

Training Kicks In

Clickers are automatically enrolled in the relevant remedial training module — no manual follow-up required. You get a post-campaign summary email with the full stats.

Platform Features

Everything You Need to Run
a World-Class Phishing Programme

Built specifically for NZ and AU businesses — no enterprise complexity, no per-seat email limits, no SMTP headaches.

Set-and-Forget Scheduling

Choose monthly (12/yr) or quarterly (4/yr). The system runs forever without any manual input. Change frequency or pause anytime from the dashboard.

NZ & AU Localised Templates

50+ templates tagged by region. NZ templates include IRD, NZ Post, Inland Revenue, ASB, ANZ. AU templates include ATO, Australia Post, CommBank. Auto-selected based on your country setting.

Realistic Sending Infrastructure

Dedicated phishing domains with DKIM/SPF authentication and Postfix mail servers. Emails actually reach the inbox — no SMTP limits, no 3rd-party relay caps.

Open, Click & Report Tracking

Pixel tracking for opens. Per-recipient click timestamps. Credential submission tracking. Report tracking for staff who forward suspicious emails to [email protected].

Instant Remedial Training

Anyone who clicks is redirected to a branded "You've been phished" education page showing the red flags they missed, then automatically enrolled in the relevant training module.

Post-Campaign Reports

Automatic summary email to admins after each campaign. Dashboard shows sent / opened / clicked / reported / trained counts with click-rate trends across campaigns.

Outlook & Gmail Report Button

Step-by-step setup guides for Microsoft 365 (Outlook desktop + web) and Google Workspace. Staff forward suspicious emails — the system auto-detects sim emails and credits the reporter.

AI-Powered Insights

Built-in AI analysis after each campaign highlights trends, identifies high-risk users who've clicked multiple times, and suggests actions to reduce click rates over time.

High-Risk User Identification

The dashboard flags staff who have clicked in 2 or more campaigns — your highest-priority people for targeted training and follow-up before a real attack finds them first.

Template Library

50+ Realistic Phishing Templates

Every template mimics a real attack your team would actually face — from CEO fraud to fake IT helpdesk requests. Graduated difficulty builds resilience over time.

Easy — builds baseline awareness Medium — tests attention to detail Hard — advanced social engineering
Easy GLOBAL
CEO Gift Card Request
Subject: Quick favour needed
ceo-fraud
Easy GLOBAL
Amazon Order Confirmation
Subject: Your order of $349.99 has been placed
credential-harvest
Easy NZ
IRD Tax Refund
Subject: You have a pending tax refund
credential-harvest
Medium GLOBAL
Microsoft MFA Required
Subject: Action required: verify your account
credential-harvest
Medium GLOBAL
Supplier Invoice — Changed Bank Details
Subject: Updated invoice — new banking details
invoice-fraud
Medium NZ
NZ Post Parcel Pending
Subject: Your parcel is waiting — pay fee to release
credential-harvest
Hard GLOBAL
SharePoint File Shared
Subject: [First Name] shared a file with you
credential-harvest
Hard GLOBAL
Microsoft Teams Missed Message
Subject: You missed a call in Microsoft Teams
credential-harvest
42+
more templates in the library — NZ, AU, US & Global

New templates added regularly. All templates reviewed for NZ & AU relevance. Auto-selection rotates through categories and escalates difficulty over time.

Reporting & Analytics

See Exactly Who's At Risk
and How You're Improving

Every campaign generates a complete data picture. Your dashboard shows click-rate trends across campaigns, flags high-risk users who've clicked multiple times, and gives AI-powered recommendations after each run.

  • Per-campaign stats
    Sent · Opened · Clicked · Reported · Enrolled in training — all in one view
  • Click-rate trend chart
    Visual bar chart showing phish-prone % across your last 3 campaigns — with industry average benchmark
  • High-risk user list
    Staff who've clicked in 2+ campaigns are flagged with their last click date — your priority people for follow-up
  • AI insights after every campaign
    Automated analysis highlights what went well, what to focus on, and specific actions to reduce click rates
  • Exportable for compliance & insurance
    All phishing simulation data is included in your training reports — ready for cyber insurers or auditors
SecureAZ — Phishing Simulations
20
Sent
10%
Clicked
5%
Reported
2
Enrolled
0
Trained
Click Rate Trend↓ Improving
30%20%10%
Industry avg: −14%
High-Risk Users
Liam Johnson2× clicked
Priya Sharma2× clicked

Add Phishing Simulations
to Any Plan

Flat-rate monthly add-on. No per-seat charges. No email limits. Included free on the Scale plan.

Start Free Trial → See All Pricing
Phishing Simulation — Pricing
NZ$29
/mo
A$25
/mo
US$19
/mo
  • Unlimited campaigns
  • Flat rate — any team size
  • 50+ NZ / AU localised templates
  • Free on Scale plan (≤250 users)

Phishing Simulation FAQ

Will staff know the phishing emails are fake?
That's the point — they shouldn't. The emails are crafted to look legitimate. We recommend telling staff in general terms that "security testing may occur" without revealing timing or methods. This keeps the simulations effective while giving employees a heads-up that testing is part of your security programme.
Will the phishing emails land in spam?
SecureAZ uses dedicated phishing domains with full DKIM/SPF authentication and Postfix mail servers — the same infrastructure real attackers use. Emails are designed to land in the inbox. For Microsoft 365 environments, we provide a whitelisting guide to ensure delivery.
How many emails can I send per campaign?
Unlimited. We run our own mail servers — there are no SMTP limits, no third-party sending caps, and no extra charges per email. Whether your team is 10 people or 250, the flat monthly add-on price covers everything.
What happens when someone clicks a phishing link?
They're redirected to a branded "You've been phished" education page that shows them the exact red flags in the email they missed. They're then automatically enrolled in the relevant training module — no manual admin action required. You receive a notification in your post-campaign summary.
Can I choose which templates are sent?
Yes — you can set auto-selection (recommended) where the system rotates templates and escalates difficulty over time, or switch to manual mode where you pick your own pool of templates. Manual mode requires selecting at least 4 templates (quarterly plan) which the system then rotates through in order.
Is phishing simulation included in the free trial?
Phishing simulation is an add-on to paid plans, not included in the free trial. However you can view the full template library and settings during your trial so you know exactly what you're getting. Activate phishing simulation from your Billing page after upgrading to any paid plan.

Start Testing Your Team Today

45-day free trial — no credit card needed. Add phishing simulation when you're ready to upgrade.

Start Free Trial → Talk to Us