Phishslap: Conduct phishing simulations at scale. Educate users to identify possible phishing emails and report them instead of clicking on bait.

Conduct phishing simulation exercises at scale

Phishing exploits are a significant factor in information security incidents & breaches1, and often opens the door for malware and eventual exfiltration of data.
Phishing is both pervasive and profitable for the bad guys—and it’s not going away anytime soon. Frequent internal phishing simulations ensure the people in your organization know how to spot the “bait” rather than take it.

1. Verizon DBIR 2018

Equipping your tackle box

Phishslap phishing simulator helps you create and execute internal email phishing campaigns so you can reach as many as possible from inside the organization to help prevent a successful phishing attack from bad actors outside the organization.

Phishslap was developed by the Information Security Office at the Georgia Institute of Technology for the specific purpose of conducting phishing simulation campaigns at scale in a higher education environment.


Phishslap provides you with the tools to customize your phishing simulation from end to end: from using spoof domains similar to your own to sending emails based on timely news or events on campus. You incorporate the content that is most likely to attract clicks.


Phishing simulations provide focused training to those who need it most! Embedded training offers a learning opportunity so you can catch the gullible “fish” and release them back a little smarter before they get caught by others who won’t be so nice.

Achievable at Scale

Create and execute as many campaigns as you need, to as many recipients as you want. Phishslap is designed for distributed environments where existing phishing simulators might be cost-prohibitive to reach the whole organization repeatedly.


Email Templates

Phishslap includes a number of templates for common phishing tactics to see if anyone will take the bait.

Landing Page Creator

Just point to the page that you want to spoof and a duplicate is made on your own (fake) domain.

Learning Page

Create a learning opportunity at the point of need: at the time of click (as a Landing Page) or after submitting sensitive information on a fake page.


Phishslap compiles key metrics for each campaign such as the rate of opens, clicks, and sensitive data submissions.


What is phishing?

Phishing is usually an email send under false pretences to get the respondent to open an attachment, click on a link, or go to a website. The goal of is phishing is to deceive a user into offering up important or sensitive information by pretending to be a legitimate site where users might normally provide such information or to have a user download/instal malicious software on their device.

I'm new to phishing simulation.

Whether you’re an experienced angler just getting getting started, Phishslap includes the gear you need to start sending phishing emails internally.