Phishing poses a serious threat to online security, exploiting unsuspecting individuals through deceptive emails and websites to steal sensitive personal information such as passwords and financial details.

In a world increasingly reliant on digital communication, understanding and combatting phishing is crucial to safeguarding both personal and organizational data from malicious actors. We know that 85% of cyber-attacks start with phishing of one kind or another, so educating your staff on phishing and how to spot red flags is a fundamental control to keep your business safe.

..What is it Securecom’s CATPhish?

Securecom’s CATPhish solution offers simulated phishing tests and a comprehensive suite of cyber training modules for your organization’s users. This innovative solution allows staff to experience the latest phishing attacks observed in real-world scenarios within a secure environment. By exposing employees to these simulated emails, the platform enhances their ability to recognise and respond to potential threats, effectively preparing them for real phishing attempts that will find their way into their inbox.

CATPhish strategically simulates real-world attacks, shedding light on human risk factors within your business in a secure manner that shields your organisation from potential harm. The outcomes of the phishing tests pinpoint the users most susceptible to such attacks. The testing serves the dual purpose of raising awareness and enabling targeted provision of the necessary training, fortifying your human firewall against cyber threats.


CATPhish provides monthly training and testing through video modules and simulated phishing emails, offering a firsthand look at authentic phishing attempts. These modules instil fundamental cybersecurity awareness among staff. Individuals who do not pass the phishing tests can be assigned remedial training. Given that these staff members are identified as more vulnerable, it is crucial to ensure they undergo additional training, contributing to the overall safety of both themselves and the business.

  • Custom phishing emails can be styled for a specific industry/company/person.
  • 23,000+ highly realistic phishing templates, spread over time during working hours. Every employee receives a different phishing email at a different time.
  • Industry Benchmarking compares your organization’s Phish-Prone score with others in your industry.
  • Phishing emails can contain links, QR codes, or will request a callback from a number, all of which are seen in the wild during real phishing attacks.

What do you get?

  • Monthly simulated phishing tests. Note the phishing email templates are determined at set up of the service and will be randomly selected each month.
  • Regular training modules, at a frequency of your choosing – typically monthly or quarterly. These include cyber related modules and assessment modules to help gain an understanding of the business culture and users’ cyber proficiency. Note – configuring monthly training modules will incur a higher onboarding cost.
  • Option for remedial training for staff who click a simulated phishing email.
  • A quarterly report to show the results of the training modules and phishing simulations of your staff, with recommendations on how to uplift the security culture within the organisation and industry standard comparisons to see how your organisation is tracking against the industry average.
  • Insight into what are making staff fail tests and pointers on how to help train staff on these failures.


  • Reduces the likelihood of a succesful phishing attack.
  • Strengthens the company’s security and promotes a strong security mindset, building a proactive and resilient defense against potential threats.
  • Helps staff recognize phishing emails, making them more aware and keeping the business safe.
  • Training modules empower staff with knowledge on various threats, ensuring online safety (e.g., Social Media Safety, Impersonation Scams, BEC, etc.).
  • Identify and provide additional training for employees deemed at risk.
  • CATPhish can be implemented in either on-premises or cloud-based environments, depending on your existing infrastructure. Various methods exist for setting up a tenant, whether your user accounts are hosted on Google, Microsoft Azure Active Directory, or on-premises Active Directory.


Fill out the form below, and we will be in touch for an obligation free conversation and some free tools to get you started.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Phishing is the most common security incident. We recommend you read this report from The Australian Cyber Security Centre for Statistics July 2019 – June 2020.

For Company Management check out this page from the National Cyber Security Centre in New Zealand.