SaltyCloud Licenses Phishing Simulator from Georgia Tech

AUSTIN, TX — SaltyCloud, a startup providing information security applications for higher education and beyond, announced that it had licensed Phishslap, a software from the George Institute of Technology. Phishslap is a powerful phishing simulator that allows the user to conduct phishing simulation exercises at scale. Phishing remains a top exploit of bad guys trying to infiltrate organizations. Education through frequent internal phishing simulations can significantly reduce the likelihood that individuals in an organization will click on malicious links.

The licensing of Phishslap is part of SaltyCloud’s ongoing mission to offer higher education security teams proven solutions that work at scale. The company already has a broad suite of security and risk products that include: Isora, a risk management workflow tool, and Dorkbot, a web app vulnerability search and verification service. By licensing Phishslap, SaltyCloud adds a robust phishing simulator to their product suite.

Phishing plays a significant role in security incidents. It can directly expose the organization to malware or broader organizational compromise through credential theft from targeted phishing attacks on key employees.

— Andrew Sheifele, Ph.D., co-founder Salty Cloud, PBC


What is Phishslap?

The Information Security Office at the Georgia Institute of Technology created Phishslap for the specific purpose of conducting phishing simulation campaigns at scale in a higher education environment.

Phishslap offers organizations unprecedented insight into how phishing campaigns operate. It comes complete with all the tools needed to execute an email campaign, including custom audiences, email templates, and landing pages. The software includes “learning pages,” which provide timely training to any landing page visitor that finds themselves “hooked” by the simulation. It also gives the user data on their “phishing” emails, including open rates, click-through rates, and landing page clicks.

The way it works is simple but effective. The software has many built-in templates that mimic common phishing landing pages, including “last warning,” “open enrollment,” “verify your office 365 account,” and “important message.” It also includes tools for users to create landing pages that mimic their own.

Using these tools and templates, the user sends out an email to a pre-defined audience. If the recipient opens one of the “phishing” emails, they are taken to a landing page that mimics a respected landing page. If the user falls for the “phish” (i.e., enters their login info on a fake landing page), they are redirected to an education page. On the education page, the user will see some brief text explaining what happened, along with information on how to recognize phishing emails.

About The Georgia Institute of Technology

Georgia Institute of Technology, also known as Georgia Tech, is a top-ranked public college and one of the leading research universities in the USA. Georgia Tech provides a technologically focused education to more than 25,000 undergraduate and graduate students in fields ranging from engineering, computing, and sciences, to business, design, and liberal arts. (


About Salty Cloud, PBC

SaltyCloud’s mission is to cultivate cyber-secure ecosystems at higher education institution and beyond. Using its suite of information security applications, SaltyCloud delivers proven and scalable information security solutions purpose-built for highly distributed and regulated environments.

SaltyCloud is a Public Benefit Company. As part of the company’s Public Benefit Mandate, SaltyCloud will provide cybersecurity solutions to higher education institutions at discounted or no costs.