PhishShield

Phishing Simulation

20+ realistic attack templates across every vector

Cyber Essentials

NCSC-backed certification against common cyber threats

Threat Analytics

Real-time human risk intelligence dashboard

Compliance Reports

Board-ready audit documentation and audit trails

View all platform features →

Enterprise

Full security suite with dedicated support and SLAs

Financial Services

FCA, PCI-DSS and BEC fraud defence for finance teams

Education

DfE-aligned cyber security for schools and MATs

Healthcare

DSPT-aligned phishing defence for NHS and private care

View all solutions →

Documentation

Setup guides, API reference, and integrations

Cyber News

Live threat intelligence from Krebs, NCSC, Bleeping Computer and more

Case Studies

Real customer outcomes and measurable ROI data

Threat Intelligence

Latest phishing campaign TTPs and analysis

Explore all resources →
Pricing

Campaign login

Admin dashboard

Training portal

Employee learning

Get started

Documentation

Getting startedCampaignsTargetsGroupsSecurity trainingReportsSettingsREST API

Need help?

Open a support ticket from inside your dashboard.

Go to support

Platform reference

Documentation

Everything you need to set up PhishShield, run phishing simulations, assign security training, and understand your organisation's human risk posture.

Getting started

From sign-up to your first phishing simulation in under 15 minutes.

  1. 01

    Create your organisation account

    Register at phishshield.uk/register with your work email. A free demo account is created instantly — no credit card required.
  2. 02

    Verify your domain

    Go to Dashboard → Verify domain. Since you're already signed in as an admin, your domain is confirmed instantly — no DNS changes or email required.
  3. 03

    Add your targets

    Navigate to Targets and import your team via CSV, or add employees one at a time.
  4. 04

    Run your first campaign

    Go to Campaigns → New campaign, pick a template, select your targets, and schedule or send immediately. Results appear in real-time on the Reports page.
Demo mode: Free accounts run against sample data so you can explore every feature without sending real phishing emails. Upgrade to a paid plan to run live simulations against your actual team.

Campaigns

Create and run realistic phishing simulations across email, SMS, and voice vectors.

Creating a campaign

From Campaigns → New campaign, choose a template (or build your own), select a target audience, configure the sender details, and set a schedule. Campaigns can be sent immediately or queued for a future date and time.

Templates

PhishShield ships with 20+ pre-built templates covering credential harvesting, invoice fraud, IT helpdesk impersonation, package delivery scams, and more. Each template is fully editable — customise the subject line, body, sender name, and landing page.

Your domain must be verified before campaigns can be sent. Without verification, the send button will be disabled.

Tracking events

PhishShield tracks the following events per target per campaign:

  • Email delivered
  • Email opened (1×1 tracking pixel)
  • Link clicked (redirect tracking)
  • Credentials submitted (landing page form)
  • Training viewed (post-click education page)

Spam filter guide

If campaign emails are landing in spam, follow the spam filter guide inside your dashboard (Campaigns → Spam filter guide) to whitelist PhishShield's sending infrastructure in your mail gateway.

Targets

Manage the employees who receive phishing simulations and training.

Adding targets

Targets can be added three ways:

  • Manually — click Add Target and fill in the form.
  • CSV import — upload a file with the format below.

CSV format

Column headers are flexible — email, Email, and EMAIL all work. Only the email column is required.

email,first_name,last_name,department,position
[email protected],Alice,Smith,Finance,CFO
[email protected],Bob,Jones,Engineering,Developer

Licence limits

The number of targets you can add depends on your plan. Purchase additional licence slots at any time from Dashboard → Billing. Only email addresses matching your verified domain can be added.

Groups

Organise targets into departments or teams for targeted campaigns and training.

Groups let you segment your workforce so you can run department-specific campaigns (e.g. a Finance-targeted invoice fraud simulation) or assign training to a subset of employees.

  1. 01

    Create a group

    Go to Groups → New group, give it a name and optional description.
  2. 02

    Assign targets

    Open the group and use the Targets tab to add members. A target can only belong to one group at a time.
  3. 03

    Use in campaigns

    When creating a campaign, choose a group as the target audience instead of selecting individual recipients.

Security training

Assign awareness modules to employees and track completion via the training portal.

How it works

PhishShield includes 24+ security awareness modules covering phishing, ransomware, password hygiene, MFA, social engineering, and more. Admins assign modules to employees; employees complete them in a separate learner portal.

  1. 01

    Assign training

    Go to Training → Assign to employees. Select one or more modules, then choose your audience — all targets, a specific group, or a manual list of email addresses.
  2. 02

    Employees receive an invite

    Each newly assigned employee gets an email with a one-click magic link valid for 7 days. Clicking it logs them straight into the training portal — no password needed.
  3. 03

    Employees complete modules

    Learners visit phishshield.uk/training-portal, work through lessons at their own pace, and take a quiz to earn a completion certificate.
  4. 04

    Track progress

    Monitor completion rates per module and per employee from Training → Assignments.

Employee portal login

After the initial magic link expires, employees sign in at phishshield.uk/training-portal using their work email. A 6-digit one-time code is sent to their inbox — no account or password is ever required.

Sessions last 14 days. Employees who return to the portal within that window are logged in automatically without needing to re-verify.

Plan availability

Security training is available on Essentials and above. Individual modules may require higher plans — locked modules are visible but show an upgrade prompt.

Reports

Understand your organisation's phishing susceptibility and training progress.

Campaign reports

The Reports page shows aggregate and per-campaign metrics including open rate, click rate, credential submission rate, and training engagement. Use the date range filter to compare performance over time.

Key metrics

  • Click rate — Percentage of targets who clicked the phishing link
  • Submission rate — Percentage who entered credentials on the landing page
  • Repeat clickers — Targets who fell for more than one campaign
  • Training completion — Percentage who completed the post-click education page

Exporting data

Reports can be exported as CSV from the Reports page. Enterprise customers also have access to board-ready PDF compliance reports.

Settings

Configure your organisation, domain, notifications, and billing.

Domain verification

Domain verification proves you own the domain your targets use. Once verified, you can send phishing simulations and your employees can access the training portal. Go to Dashboard → Verify domain — since you're already authenticated as an administrator, your domain is confirmed instantly.

Notifications

Configure email alerts for campaign events — new clicks, credential submissions, and weekly digests — from Settings → Notifications.

Billing & plans

Upgrade, downgrade, or purchase additional target licence slots from Billing. All plan changes take effect immediately and are prorated.

Free

  • 2 targets
  • Demo mode only
  • Basic reports

Essentials

  • 50 targets
  • Live campaigns
  • Security training

Starter

  • 250 targets
  • Custom templates
  • All training modules

Enterprise

  • 500+ targets
  • Dedicated support
  • Compliance reports

REST API

Programmatically manage targets, pull campaign reports, and integrate PhishShield with your own tooling. Enterprise plan only.

API access requires an Enterprise plan. Generate API keys from Dashboard → Settings → API Keys.

Authentication

All API requests must include your API key as a Bearer token in the Authorization header.

Authorization: Bearer ps_live_your_api_key_here

Base URL

https://phishshield.uk/api/v1

Endpoints

GET/api/v1/stats

Returns org-level stats: target count, campaign count, overall click rate, and 5 most recent campaigns.

{
  "organization": { "id": "...", "plan": "ENTERPRISE" },
  "targets": 312,
  "campaigns": 18,
  "groups": 7,
  "overallClickRate": 14,
  "recentCampaigns": [ ... ]
}
GET/api/v1/targets?page=1&limit=50

Paginated list of all targets. Use page and limit (max 100) query params.

POST/api/v1/targets

Create a target. email is required; all other fields are optional.

{
  "email": "[email protected]",
  "firstName": "Jane",
  "lastName": "Smith",
  "department": "Finance",
  "position": "CFO",
  "groupId": "clx..."   // optional
}
DELETE/api/v1/targets/:id

Delete a target by ID. Returns { "ok": true } on success.

GET/api/v1/campaigns

Paginated list of campaigns with status, template, and target count.

GET/api/v1/campaigns/:id

Full campaign report including open rate, click rate, submission rate, and training engagement.

{
  "id": "clx...",
  "name": "Q1 Finance Phish",
  "status": "COMPLETED",
  "stats": {
    "sent": 80,
    "opened": 52,  "openRate": 65.0,
    "clicked": 18, "clickRate": 22.5,
    "submitted": 4,"submissionRate": 5.0,
    "reported": 12,"reportRate": 15.0,
    "trained": 18
  }
}
GET/api/v1/templates

List all available templates (built-in and custom).

GET/api/v1/groups

List all target groups with member counts.

Error responses

All errors return a JSON body with an error field and a standard HTTP status code.

401  { "error": "Invalid or missing API key" }
403  { "error": "API access requires an Enterprise plan" }
404  { "error": "Not found" }
409  { "error": "Target with that email already exists" }
API keys are shown only once at creation time. Store them securely — PhishShield cannot display the full key again. If a key is lost, revoke it and generate a new one.

Support

Still have questions?

Our support team typically responds within a few hours on business days.

Open a support ticket
PhishShield

Enterprise phishing simulation and security awareness training for modern organisations. Built by security people, for security teams.

SOC 2 Type IIISO 27001GDPR

Product

  • Features
  • Template Library
  • Pricing
  • Status

Company

  • About
  • Testimonials
  • Cyber News
  • Careers
  • Contact Sales
  • Enterprise

Legal

  • Privacy Policy
  • Terms of Service
  • GDPR
  • Security

© 2026 PhishShield, Inc. All rights reserved.

For authorised security awareness testing only.