Security Awareness

Phishing Simulation Training: Test Your Team and Build Resilience

AMVIA's phishing simulation service sends realistic test attacks to your staff, identifies who clicks, and delivers immediate targeted training. Regular simulation builds the human resilience that technical controls alone cannot provide — reducing the likelihood of a real phishing attack succeeding.

Why Phishing Simulation Works

Staff are frequently the final barrier between a phishing email and a successful attack. Technical filtering reduces the volume of threats, but targeted phishing — particularly from compromised legitimate accounts — often gets through. Simulation-based training tests your team with realistic fake attacks and delivers targeted training to those who engage, creating learned scepticism that builds over time with regular repetition. 43% of UK businesses experienced a cybersecurity breach or attack in the past 12 months, equating to approximately 612,000 businesses (DSIT Cyber Security Breaches Survey 2025). 67% of medium businesses and 74% of large businesses reported breaches in 2025.

Why Staff Training Remains Essential

Even with excellent email security technology in place, some phishing emails reach staff inboxes. Targeted attacks that use compromised legitimate accounts, plausible business contexts, or urgency cues are specifically designed to evade technical filtering and persuade staff to click before applying scepticism.

Stolen or compromised credentials were the initial attack vector in 22% of data breaches in 2024 — the single largest cause of breaches, surpassing phishing (16%) and software vulnerabilities (Verizon DBIR 2025). (ITPro)

Attacks evading Microsoft's native defences and secure email gateways (SEGs) rose 47% (KnowBe4 2025 Phishing Benchmark Report). (Microsoft)

Phishing-resistant, passwordless authentication grew 63% in one year, rising from 8.6% to 14.0% of authentication events (Okta, 2025). (Okta)

Training in isolation — a one-off presentation or eLearning module — has limited lasting effect. Research consistently shows that the benefit of security awareness training fades significantly within three to six months without reinforcement. Simulation-based training creates practical experience of phishing attempts, which builds more durable awareness than passive learning.

How Phishing Simulation Works

AMVIA's simulation service sends realistic test phishing emails to your staff from convincing-looking senders. Templates cover the most common attack types: IT helpdesk alerts, delivery notifications, Microsoft account security warnings, payroll or HR notifications, and executive requests. Campaigns are designed to reflect the types of attacks targeting businesses in your sector.

When a staff member clicks a link or submits credentials in a simulation, they are immediately redirected to a brief training page explaining the indicators of phishing in the email they just received. This moment-of-failure training is more effective than retrospective learning because it is contextual and immediately relevant.

Metrics and Reporting

AMVIA tracks and reports click rates, credential submission rates, and reporting rates (whether staff reported the email using the phishing report button). Results are broken down by department, seniority level, and location where relevant. This allows you to identify which parts of your organisation are most susceptible and target additional training accordingly.

Over multiple campaigns, the trend data shows whether staff resilience is improving. Click rates should decrease over time with regular simulation — a meaningful reduction indicates the programme is working. Where specific teams or individuals show persistently high click rates, targeted interventions can be directed at those groups.
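The metrics described above can be computed from a per-recipient campaign export. The following is an added example, not AMVIA's code: the CSV column names, the sample rows and the 25% threshold are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column names are assumptions for illustration.
SAMPLE_CSV = """campaign,department,user,clicked,submitted,reported
2025-Q1,Finance,u1,1,1,0
2025-Q1,Finance,u2,1,0,0
2025-Q1,Sales,u3,1,0,0
2025-Q1,Sales,u4,0,0,0
2025-Q2,Finance,u1,1,0,0
2025-Q2,Finance,u2,0,0,1
2025-Q2,Sales,u3,0,0,1
2025-Q2,Sales,u4,0,0,0
2025-Q3,Finance,u1,0,1,0
2025-Q3,Finance,u2,0,0,1
2025-Q3,Sales,u3,0,0,1
2025-Q3,Sales,u4,0,0,1
"""

def rates(csv_text):
    """Return {(campaign, department): click/submit/report rates and headcount}."""
    counts = defaultdict(lambda: {"n": 0, "click": 0, "submit": 0, "report": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        c = counts[(row["campaign"], row["department"])]
        submitted = row["submitted"] == "1"
        c["n"] += 1
        # A credential submission implies a click even if the click event was lost.
        c["click"] += row["clicked"] == "1" or submitted
        c["submit"] += submitted
        c["report"] += row["reported"] == "1"
    return {k: {m: (v if m == "n" else v / c["n"]) for m, v in c.items()}
            for k, c in counts.items()}

def click_trend(csv_text):
    """Per department, click rates in campaign order (labels sort chronologically)."""
    series = defaultdict(dict)
    for (campaign, dept), r in rates(csv_text).items():
        series[dept][campaign] = r["click"]
    return {d: [rate for _, rate in sorted(s.items())] for d, s in series.items()}

def persistently_high(csv_text, threshold=0.25):
    """Departments at or above the (assumed) threshold in every campaign."""
    return sorted(d for d, s in click_trend(csv_text).items()
                  if len(s) > 1 and min(s) >= threshold)

if __name__ == "__main__":
    print(click_trend(SAMPLE_CSV), persistently_high(SAMPLE_CSV))
```

In the sample data Sales falls from a 50% click rate to zero while its reporting rate rises, whereas Finance never drops below the threshold and is the group flagged for targeted intervention.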

Campaign Design and Frequency

AMVIA recommends running phishing simulations at least quarterly. Using different campaign themes each quarter — varying between IT alerts, HR communications, parcel deliveries, and external supplier requests — prevents staff becoming familiar with a single template type and instead builds generalised scepticism towards unexpected email requests.

Campaigns should be designed with care. Overly aggressive campaigns that test staff with highly implausible scenarios provide limited value. AMVIA designs campaigns to be realistic — challenging enough to catch some staff, but reflective of actual attack patterns rather than novelty scenarios.

The Phishing Report Button

Alongside simulation, AMVIA configures a phishing report button in Microsoft 365 Outlook. Staff who receive a suspicious email — whether a simulation or a real phishing attempt — can report it with a single click. Reported emails are reviewed by AMVIA's security team. Where a genuine phishing campaign is identified, AMVIA can retrospectively search and delete matching emails from all staff mailboxes, limiting exposure.

A high reporting rate is a positive outcome — it indicates staff are actively engaged in your security programme rather than simply avoiding clicking links.

Integrating Simulation with Security Awareness Training

Phishing simulation is most effective as part of a broader security awareness programme. AMVIA can supplement simulation with security awareness training modules covering topics including password hygiene, safe internet use, data handling, and recognising social engineering. Training is delivered via an online platform with completion tracking, supporting compliance documentation requirements.

The combination of regular simulation and structured awareness training provides both the practical conditioning and the conceptual understanding that builds lasting security culture within your business.

Phishing Simulation Service Components

Realistic test campaigns, targeted training, and measurable resilience improvement.

Realistic Phishing Campaigns

Simulation templates covering IT alerts, HR communications, delivery notifications, and executive requests.

Moment-of-Failure Training

Immediate contextual training delivered when a staff member engages with a simulation email.

Click Rate Reporting

Results by department and trend over time — evidence of resilience improvement across the organisation.

Phishing Report Button

One-click phishing report button in Outlook for staff to flag suspicious emails for investigation.

Campaign Management

AMVIA designs and schedules campaigns — quarterly minimum, with varied themes to build generalised scepticism.

Targeted Intervention

Additional training directed at persistently high-risk individuals or departments identified by simulation data.

Phishing Simulation Programme Checklist

What an effective phishing simulation programme should include.

Simulations run at least quarterly

Regular repetition maintains awareness — annual campaigns alone are insufficient.

Multiple campaign themes used

Vary between IT alerts, HR, deliveries, and external requests to build generalised scepticism.

Moment-of-failure training configured

Staff who click receive immediate contextual training, not just a note in a report.

Click rate trends tracked over time

Measure whether the programme is improving resilience — not just running campaigns.

Phishing report button active

Staff can report suspicious emails with one click, supporting real threat detection.

High-risk groups targeted additionally

Departments or individuals with high click rates receive additional focused training.

Test and Train Your Team Against Phishing

AMVIA will design and run a phishing simulation programme tailored to your organisation, building staff resilience through realistic testing and targeted training.