Skip to content
Login to the app
  • There are no suggestions because the search field is empty.

Advanced Phishing with ReconAI

With ReconAI, you can take your phishing training further by introducing simulations that reflect how more advanced attacks are carried out in the real world. This feature allows you to introduce more advanced phishing simulations by generating targeted scenarios based on publicly available information about your organization. This helps employees practice identifying phishing attempts that more closely resemble real-world social engineering attacks.

 

How ReconAI Works

ReconAI combines publicly available data with AI to generate tailored phishing simulations. This approach mirrors techniques used by advanced threat actors, who often combine Open Source Intelligence (OSINT) with AI to create more convincing phishing attacks.

 

Public data collection

ReconAI gathers relevant information from your organization's digital footprint to understand relevant context - such as content available on your website.

 

AI-generated phishing emails

The collected information is used to generate phishing emails tailored to your organization’s context, reflecting how targeted phishing attacks are commonly crafted.

The result is simulations that feel more relevant to employees and mirrors techniques used in more advanced social engineering attempts.

 

What You Can Achieve with ReconAI

ReconAI helps you strengthen your phishing training by:

  • Introducing targeted phishing simulations

  • Simulate phishing emails tailored to your organization

  • Testing your public exposure

  • Understand how publicly available information about you can be used in attacks

  • Increase difficulty in your training

  • Prepare employees for more sophisticated phishing attacks

  • Reinforcing secure behavior

  • Help employees apply their knowledge in more realistic situations

 

When to Use ReconAI

ReconAI is most effective when your organization already has a foundation in phishing training.

We recommend using it when:

  • Employees are familiar with phishing basics

  • You have run a few phishing simulations (3-4)

  • Employees understand how to report suspicious emails

 

At this stage, ReconAI can introduce more advanced scenarios while reinforcing existing knowledge.

 

Before You Run a Simulation

Because ReconAI's phishing simulations are more targeted, it's important to consider:

  • Are employees comfortable with phishing simulations?

  • Do they know how to report suspicious emails?

  • Is your organization ready for more advanced scenarios?

 

Targeted simulations can feel more personal, so it's important that employees are informed about ongoing training and know how to respond.

 

Best Practice

You may want to adjust the generated email - but we keep it unchanged.

ReconAI is designed to reflect how real attackers operate using available information. Keeping the content unchanged helps ensure that:

  • The simulations remain realistic

  • The training relfects real-world techniques

  • The results provide accurate insights

Prerequisites

As the feature is collecting publicly available information about your orgainzation, stores it in our database and uses AI to process the data, you will need to accept an amendment to our Data Processing Agreement before we are able to activate the feature for you.

 

How to Enable ReconAI

The IT Admins that have this feature enabled can follow the instructions below to use it.

  1. In the left-side menu, click on Phishing and enter the Phishing planner section.

  2. Press Add a single simulation.

  3. You will now have the choice of choosing to see your phishing catalogue or to generate a customized simulation using ReconAI. Choose Generate customized simulation.

  4. To enable ReconAI, we need your approval to process your publicly available information. Therefore, you will need to review our amendment to the data processing agreement. Click on Download amendment and review the information. If you agree to enable ReconAI, please toggle the button you see in your phishing planner and click Accept and continue.

  5. ReconAI will now scrape your organization's publicly available data and notify you by email once it's ready for use.

  6. Once you receive the notification email, follow the same process and click on Generate customized simulation.

  7. Choose the language for the simulation and review the generated phishing email. If you would like ReconAI to generate a new one, please do so by clicking the button below the template. Otherwise, choose the email template and insert dates and target groups for the simulation.



Still have a question?

Contact us at support@cyberpilot.io