Frequently Asked Questions

Everything you need to know about PhishShield.

Getting Started

Create your account, import users via CSV or use the platform provisioning API, choose a phishing template, and launch your first campaign. Getting started is quick and straightforward.

No. PhishShield is designed for organizations with minimal IT staff. Basic setup requires no technical expertise. Custom SMTP configuration requires basic setup knowledge.

PhishShield works with any email system. We support custom SMTP servers with SPF/DKIM/DMARC, domain rotation for deliverability, and our own managed email infrastructure.

Campaigns & Simulations

Pre-built templates across 5 difficulty levels — from obvious spam to highly targeted spear-phishing. You can also create custom templates or generate them using AI.

PhishShield includes whitelisting guides for Microsoft 365 and Google Workspace. We also support domain rotation and SPF/DKIM/DMARC configuration to maximize deliverability.

They're redirected to an educational landing page that explains the phishing indicators they missed. They're also automatically assigned targeted training modules based on their interaction.

Training

When employees interact with phishing simulations (clicking links, submitting credentials), they're automatically assigned relevant training modules. The system adapts based on their risk score.

Yes. PhishShield includes video-based training modules covering phishing awareness, social engineering, password security, and more. You can also upload your own custom content.

Yes. Employees receive auto-generated completion certificates with unique verification numbers after finishing training modules.

Compliance & Security

PhishShield generates compliance-ready reports for SOX, HIPAA, PCI-DSS, ISO 27001, NIST, and GDPR. Reports include campaign history, training completion, risk trends, and executive summaries.

All credentials captured during simulations are immediately hashed — they're never stored in plaintext. They're used only to record that a submission event occurred and are automatically purged per your retention policy.

Yes. PhishShield uses encryption in transit and at rest, role-based access control, organization-level data isolation, and soft deletion. We conduct regular security audits.

Pricing & Billing

Contact our sales team or request a demo to get started. We offer flexible plans tailored to your organization's size and needs.

Absolutely. PhishShield supports customer-owned SMTP with full SPF/DKIM/DMARC configuration and domain rotation. No vendor lock-in — use your infrastructure or ours.

Yes. PhishShield includes a full MSSP partner portal with multi-tenant organization management, impersonation audit trails, and a provisioning API for automated onboarding.

Still have questions?