Skip to content
Login to the app
  • There are no suggestions because the search field is empty.

Use The "Phishing Vulnerable" Feature To Focus On At-Risk Users

Phishing remains one of the most persistent threats to organizations of all sizes. While simulations and training help reduce risk across the board, many security teams struggle with a recurring problem: there’s always a group of users who consistently fall for phishing attacks, despite repeated training. 

That’s why we’ve developed the Phishing Vulnerable feature—a smart way to identify and support users who need extra attention in your efforts. 

The Problem: One-Size-Fits-All Doesn’t Work for Everyone 

As an admin, your goal is to reduce the risk of phishing breaches. General trends—such as click rates or reporting rates—can tell you how your organization is doing overall. But these averages often hide the persistent group of users who repeatedly click or submit data in phishing simulations.   

These users may not only need more training—they may also need targeted, personalized support. 

The Solution: Smart Identification and Tailored Action 

The Phishing Vulnerable feature automatically groups users who have demonstrated difficulty spotting phishing attacks in simulations. This group gives you a clear, data-backed way to take action. 

Here's how it works:

  • Automatic tagging: Users who click on phishing simulation links are added to the “Phishing Vulnerable” group after each campaign. 
  • The system refreshes the group every time a phishing campaign is completed—no manual work needed. 
  • The feature also tags users from the most recently completed campaign, so if you have already run a campaign with users that have clicked a link, then they will appear in the group. 

      Note: Admins are excluded from tagging, even if they participate in simulations. 

      How you can use it

      With this group in place, you can offer more effective and focused training: 

      1. Assign Extra Courses 

      Create an onboarding plan for the “Phishing Vulnerable” group that enrolls them in additional cybersecurity awareness courses, such as: 

      • The Dangerous Click 
      • Data Theft 
      • Ransomware  

      Here's how training and onboarding plans work.

      2. Distribute Internal Materials 

      Need to share custom information—like screenshots of recent real phishing emails? You can assign “own materials” to the group and track who has opened and read them. 

      Here's how to upload and enroll your own materials to the CyberPilot App. 

       

      Restrictions for Accuracy and Integrity 

      To ensure fairness and consistency: 

      • Admins cannot manually add or remove users from the group. 
      • User tagging is based solely on behavior in simulations. 
      • Group membership is updated automatically and transparently. 

       

      A Smarter Way to Build a Cyber-Aware Culture 

      The Phishing Vulnerable feature makes it easy for you to spot weak links and support them with precision - all without adding to your administrative workload. 

      You will find the group under “Groups” and the name is “Phishing vulnerable”