Version: 6.0

Phishing Simulation

The Phishing section is one of the core components of the Rawam platform. It aims to enhance employees' cybersecurity awareness by conducting simulated phishing attack campaigns. This section provides a safe and controlled environment where fake phishing emails are sent to users, mimicking real-world attack techniques. This helps assess user response and identify behavioral vulnerabilities when dealing with suspicious emails.

This section enables cybersecurity administrators to:

  • Create professional phishing email templates that simulate real attack scenarios
  • Schedule and manage targeted phishing campaigns by department or group
  • Configure advanced settings including mail servers and phishing links for a fully customized experience
  • Monitor results and analyze user behavior to improve future awareness strategies

This feature plays a vital role in fostering a strong cybersecurity culture within the organization and is considered an essential tool in continuous awareness and training programs.

How Phishing Works in Rawam

The phishing simulation mechanism in Rawam is based on mimicking real-life phishing attacks to test and improve employee awareness—without exposing them to any actual risk. The process follows these main stages:

1. Creating Phishing Templates

The administrator creates email templates that simulate common phishing messages, such as:

  • Fake discount offers
  • Spoofed account confirmation requests
  • Fake security alerts

Each template includes a subject line, email content, and a fake landing page (used to redirect the user when they interact with the email).

2. Launching a Phishing Campaign

The administrator defines the following:

  • Which phishing template to use
  • The target users (selected from the system)
  • The timing and recurrence of the campaign
  • The sender email address (pre-configured in the settings)

Emails are then automatically sent to the targets, appearing as legitimate messages.

3. Tracking User Interaction

Once the campaign is live, the platform monitors user behavior, including:

  • Did the user open the email?
  • Did they click the link?
  • Did they enter data on the fake page?

All interactions are accurately recorded in campaign reports.

4. Analyzing Results

Rawam generates detailed reports that help administrators:

  • Measure overall employee awareness
  • Identify users who fell victim to the phishing attempt
  • Assess the organization's risk level
  • Make informed decisions on further training or awareness activities
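
As an added illustration of stages 3 and 4 (not Rawam's own code or export format), the sketch below aggregates constructed interaction events into per-department rates and lists the users who clicked or submitted. The event fields, stage names and user names are assumptions; a user's deepest recorded stage is taken to imply the earlier ones, so a click with no logged open still counts as an open.

```python
from collections import defaultdict

# Constructed sample events in a hypothetical export format (not Rawam's schema).
# Only the interaction type is kept; nothing typed on the landing page is stored.
EVENTS = [
    {"user": "amal", "dept": "Finance", "event": "sent"},
    {"user": "amal", "dept": "Finance", "event": "opened"},
    {"user": "amal", "dept": "Finance", "event": "clicked"},
    {"user": "amal", "dept": "Finance", "event": "submitted"},
    {"user": "badr", "dept": "Finance", "event": "sent"},
    {"user": "badr", "dept": "Finance", "event": "clicked"},  # no "opened" logged
    {"user": "dana", "dept": "IT", "event": "sent"},
    {"user": "dana", "dept": "IT", "event": "opened"},
    {"user": "dana", "dept": "IT", "event": "opened"},        # duplicate open
    {"user": "eman", "dept": "IT", "event": "sent"},
]

STAGES = ["sent", "opened", "clicked", "submitted"]  # ordered funnel


def deepest_stage(events):
    """Map each (dept, user) to the index of the deepest stage they reached."""
    deepest = {}
    for e in events:
        key = (e["dept"], e["user"])
        rank = STAGES.index(e["event"])
        deepest[key] = max(deepest.get(key, 0), rank)
    return deepest


def department_report(events):
    """Per-department counts and rates; duplicates collapse to one per user."""
    counts = defaultdict(lambda: dict.fromkeys(STAGES, 0))
    for (dept, _user), rank in deepest_stage(events).items():
        for stage in STAGES[: rank + 1]:
            counts[dept][stage] += 1
    return {d: {**c, "click_rate": c["clicked"] / c["sent"],
                "submit_rate": c["submitted"] / c["sent"]}
            for d, c in counts.items()}


def needs_followup(events):
    """Users who clicked or submitted: candidates for the awareness message."""
    return sorted(u for (_d, u), r in deepest_stage(events).items() if r >= 2)


if __name__ == "__main__":
    print(department_report(EVENTS), needs_followup(EVENTS))
```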

5. Privacy & Education

All operations are conducted securely:

  • No real or sensitive data is collected or used
  • The goal is awareness and training—not punishment
  • An automated awareness message can be sent to users who were tricked, explaining the mistake and offering security tips