How do phishing simulations work?<\/h2>\n
Phishing simulations are written and designed to look like real phishing emails.<\/p>\n
When a user receives a suspicious email, they should forward it to <YourTenantID>@ciratraining.ca<\/strong><\/p>\n If the email was a simulation<\/strong> from the training platform, they will get an auto-reply email immediately, saying congratulations, you “caught a phish” and their risk score will improve. If a user clicks on the link in the phishing simulation, they will be assigned a remedial course.<\/p>\n If it was not a simulation<\/strong>, they will get an email providing guidance on what to do next.<\/p>\n<\/div>\n<\/div>\n Users will:<\/p>\n These activities determine a baseline risk scor<\/strong>e <\/strong>for each user, which will go up and down over time, based on their interactions with automated monthly phishing tests.<\/p>\n The admin can view the risk score for each user and the average score for their entire organization, and access reports which provide guidance on how to reduce cyber risk.<\/p>\n<\/div>\n<\/div>\n To keep cybersecurity top-of-mind, users will be assigned a course every two months. A few days after a user completes the course, they will receive a phishing email that relates to the course material.<\/p>\n Users will also receive an automated phishing test (randomly selected from a bank) once per month. If a user “passes” a phishing test by reporting it, they will receive progressively more difficult phishing tests. If a user clicks on a link in a phishing test, they will automatically be assigned a remedial training course, giving them the opportunity to improve their risk score.<\/p>\n There are over 100 courses available in the library (to view, go to Education > Courses) \u2013 if you see a course that covers a cybersecurity topic applicable to your workplace, click on Actions > Assign. Users can also self-enroll.<\/p>\n<\/div>\n<\/div>\n When you log into the platform as an admin, the dashboard shows data from the past 30 days. <\/p>\n Here are some reports we recommend admins check out to analyze training progress and identify cyber risks: <\/p>\n Our guide for implementing training describes how to analyze platform data<\/a> and provides some ideas to keep users engaged<\/a> in training to keep cybersecurity top of mind.<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":" How do phishing simulations work? Phishing simulations are written and designed to look like real phishing emails. When a user receives a suspicious email, they should forward it to <YourTenantID>@ciratraining.ca If the email was a simulation from the training platform, they will get an auto-reply email immediately, saying congratulations, you “caught a phish” and their risk score […]<\/p>\n","protected":false},"author":11,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"ngg_post_thumbnail":0,"slim_seo":{"title":"Small Teams - Admin Guide - CIRA","description":"How do phishing simulations work? Phishing simulations are written and designed to look like real phishing emails. When a user receives a suspicious email, they"}},"category":[664],"class_list":["post-41805","page","type-page","status-publish","hentry","cira_category-cybersecurity"],"acf":[],"publishpress_future_action":{"enabled":false,"date":"2026-06-10 21:01:28","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"translation_priority","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/stg.cira.ca\/en\/wp-json\/wp\/v2\/pages\/41805","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/stg.cira.ca\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/stg.cira.ca\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/stg.cira.ca\/en\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/stg.cira.ca\/en\/wp-json\/wp\/v2\/comments?post=41805"}],"version-history":[{"count":2,"href":"https:\/\/stg.cira.ca\/en\/wp-json\/wp\/v2\/pages\/41805\/revisions"}],"predecessor-version":[{"id":398009,"href":"https:\/\/stg.cira.ca\/en\/wp-json\/wp\/v2\/pages\/41805\/revisions\/398009"}],"wp:attachment":[{"href":"https:\/\/stg.cira.ca\/en\/wp-json\/wp\/v2\/media?parent=41805"}],"wp:term":[{"taxonomy":"cira_category","embeddable":true,"href":"https:\/\/stg.cira.ca\/en\/wp-json\/cira\/v1\/category?post=41805"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n<\/div>\n<\/div>\nWhat will the initial training look like?<\/h2>\n
\n
\n<\/div>\n<\/div>\nWhat ongoing training will users receive?<\/h2>\n
Monthly phishing<\/h3>\n
Admins can assign more courses at any time<\/h3>\n
\n<\/div>\n<\/div>\nAs an admin, what data can you view?<\/h2>\n
\n
![\"CIRA](\"https:\/\/stg.cira.ca\/uploads\/2023\/01\/CIRA-CAT-Phishing-mockup-4.png\")
<\/p>\n
\n<\/div>\n<\/div>\nHow can I analyze platform data and keep users engaged?<\/h2>\n