
Use The "Phishing Vulnerable" Feature To Focus On At-Risk Users

Phishing remains one of the most persistent threats to organizations of all sizes. While simulations and training help reduce risk across the board, many security teams struggle with a recurring problem: there’s always a group of users who consistently fall for phishing attacks, despite repeated training. 

That’s why we’ve developed the Phishing Vulnerable feature—a smart way to identify and support users who need extra attention in your efforts. 

 

The Problem: One-Size-Fits-All Doesn’t Work for Everyone 

As an admin, your goal is to reduce the risk of phishing breaches. General trends—such as click rates or reporting rates—can tell you how your organization is doing overall. But these averages often hide the persistent group of users who repeatedly click or submit data in phishing simulations.   

These users may not only need more training—they may also need targeted, personalized support. 

 

The Solution: Smart Identification and Tailored Action 

The Phishing Vulnerable feature automatically groups users who have demonstrated difficulty spotting phishing attacks in simulations. This group gives you a clear, data-backed way to take action. 

 

Here's how it works:

Entering the group
  • Automatic tagging: Users who click on phishing simulation links are added to the “Phishing Vulnerable” group after each campaign. 
  • The system refreshes the group every time a phishing campaign is completed—no manual work needed. 
  • The feature also tags users from the most recently completed campaign, so if you have already run a campaign in which users clicked a link, those users will appear in the group. 

       

      Exiting the group

      • A user must successfully go through two simulations to exit the group.
      • This means they are automatically removed from the group after they go through two campaigns without clicking on the link. 

      Note: Admins are excluded from tagging, even if they participate in simulations. 
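
A small model of the entry and exit rules above, added here as an illustration and not CyberPilot's code. It assumes the two clean campaigns must be consecutive (a new click restarts the count) and that a campaign a user is not part of leaves their status unchanged; the class, function and user names are hypothetical.

```python
from dataclasses import dataclass, field

CLEAN_CAMPAIGNS_TO_EXIT = 2  # from the page: two simulations without a click


@dataclass
class VulnerableGroup:
    admins: set = field(default_factory=set)
    # member -> campaigns completed without a click since their last click
    clean_streak: dict = field(default_factory=dict)

    @property
    def members(self):
        return set(self.clean_streak)

    def apply_campaign(self, results):
        """results maps each targeted user to True (clicked) or False (no click)."""
        for user, clicked in results.items():
            if user in self.admins:
                continue  # admins are never tagged, even if they take part
            if clicked:
                self.clean_streak[user] = 0  # enter the group, or restart the count (assumption)
            elif user in self.clean_streak:
                self.clean_streak[user] += 1
                if self.clean_streak[user] >= CLEAN_CAMPAIGNS_TO_EXIT:
                    del self.clean_streak[user]  # automatic removal
        return self.members


def replay(campaigns, admins=()):
    """Return the sorted group membership after each completed campaign."""
    group = VulnerableGroup(admins=set(admins))
    return [sorted(group.apply_campaign(c)) for c in campaigns]


# Constructed sample data: four completed campaigns, user -> clicked?
CAMPAIGNS = [
    {"ana": True, "ben": False, "root_admin": True},
    {"ana": False, "ben": True, "root_admin": False},
    {"ana": True, "ben": False},
    {"ana": False, "ben": False},
]

if __name__ == "__main__":
    for n, members in enumerate(replay(CAMPAIGNS, admins={"root_admin"}), 1):
        print(f"after campaign {n}: {members}")
```

Replaying exported campaign results this way shows why a user who clicks intermittently stays in the group far longer than one who clicked once.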

       

      How you can use it

      With this group in place, you can offer more effective and focused training: 

      1. Get an easy overview of your at-risk users

      You can always get an up-to-date overview of the users who are vulnerable to phishing attacks.

       

      2. Automatically enroll at-risk users to training

      If you also use CyberPilot's Awareness Training, you can set up an onboarding plan that will automatically enroll your at-risk users in additional training as soon as they click on a phishing simulation link. 

      Set up an onboarding plan for the group, instead of a regular training plan, so that your users get the training as soon as they join the "Phishing Vulnerable" group. 

       


       

      We recommend these courses for the additional training: 

      1. Phishing - Day 0

      2. Targeted phishing (spear phishing) - Day 7

      3. How to handle a phishing email - Day 14

       

      Read more about how to make an onboarding plan here.

       

      Restrictions for Accuracy and Integrity 

      To ensure fairness and consistency: 

      • Admins cannot manually add or remove users from the group. 
      • User tagging is based solely on behavior in simulations. 
      • Group membership is updated automatically and transparently. 

       

      A Smarter Way to Build a Cyber-Aware Culture 

      The Phishing Vulnerable feature makes it easy for you to spot weak links and support them with precision - all without adding to your administrative workload. 

      You will find the group under “Groups”, and its name is “Phishing vulnerable”.