4 campaigns to kickstart
your phishing training
Emergency evacuation plan
This e-mail tells the reader that there is a new emergency evacuation plan that must be read by all employees. It takes advantage of the authority of the company.
Difficulty: ππππ
Phishing giveaways:
- Unconventional request
- Changes in response policies despite no warnings
- Short deadline
- Why would you have to login to read this type of information?
- Promise of rewards
How the campaign performed:
![]() |
![]() |
![]() |
E-mails sent | Links clicked | Submitted data |
![Phishing-mail-example-1](https://www.cyberpilot.io/hs-fs/hubfs/Phishing-mail-example-1.png?width=2000&name=Phishing-mail-example-1.png)
Password policy
This e-mail indicates that the company has a new password policy and all staff must confirm that it is read and understood. It takes advantage of the authority of the company.
Difficulty: πππππ
Phishing giveaways:
- The sender is not a person - just the company
- Changes in response policies despite no warnings
- Short deadline
- Why would you have to login to read this type of information?
How the campaign performed:
![]() |
![]() |
![]() |
E-mails sent | Links clicked | Submitted data |
![Phishingcampaign-mail-example2](https://www.cyberpilot.io/hs-fs/hubfs/Phishingcampaign-mail-example2.png?width=2000&name=Phishingcampaign-mail-example2.png)
Employee benefits
This e-mail tells the reader that their company has partnered with a discounts website. This means that staff can get a discount on several products if they log in with their work e-mail. It takes advantage of the joy of discounts.
Difficulty: πππ
Phishing giveaways:
- The website doesnβt exist
- Multiple mentions of limited gifts and discounts
- Asks for your work email
- The sender is suspicious
- The picture looks like a stock photo
How the campaign performed:
![]() |
![]() |
![]() |
E-mails sent | Links clicked | Submitted data |
![Phishingcampaign-mail-example3](https://www.cyberpilot.io/hs-fs/hubfs/Phishingcampaign-mail-example3.png?width=2000&name=Phishingcampaign-mail-example3.png)
Galactic Cloud
This campaign tells the receiver that he/she has received a new file which needs to be opened within 24 hours. If the deadline is not met then his/her access will be removed. The campaign takes advantages of peoples natural curiosity and it has quite a professional look.
Difficulty: ππ
Phishing giveaways:
- Galatic Cloud is not a real company
- The domain which the e-mail is sent from, info@galacticclouds.com, doesnβt exist either
- Itβs unusual that you would receive a file in a cloud-service which youβve never heard of
- Short deadline for clicking the e-mail
- If you click the link the URL is very suspicious
- It is unusual to receive files from an unknown cloud service
How the campaign performed:
![]() |
![]() |
![]() |
E-mails sent | Links clicked | Data submitted |
![Galactic_ENG.png](https://www.cyberpilot.io/hubfs/Galactic_ENG.png.webp)
An example of a specific phishing campaign and the actual statistics
Our case study has an example of a phishing mail that we sent through our phishing training. See how many fell for the trap!
![phishing-case-en](https://www.cyberpilot.io/hs-fs/hubfs/phishing-case-en.png?width=3000&height=2000&name=phishing-case-en.png)
You will receive inspiration, tools and stories about good cyber security practices directly in your inbox. Our newsletter is sent out approximately once a month.