How our HootPhish simulations work

How our HootPhish simulations work

We would like to take a moment to explain the purpose behind the HootPhish exercise. These simulations are designed as training tools, not just tests. Each one is built to teach users how to identify the seven common indicators of a phishing email, which include:

  • Sender

  • Subject

  • Greeting

  • Spelling and Grammar

  • Sense of Urgency

  • Links

  • Attachments

Rather than being an “all-or-nothing” challenge, HootPhish is structured to help users recognize each of these elements individually within a single email, whether they appear safe or suspicious. Our goal is to reinforce correct identification through positive, real-time feedback, giving users the confidence to spot real phishing attempts in their actual inboxes.

    • Related Articles

    • HowTo: Complete a HootPhish Assignment

      This brief video (under 2 minutes) gives users a quick overview of their HootPhish assignment. If you’re unsure about the test or need guidance, this video will walk you through what to expect. ...

    • HowTo: Complete a HootPhish Assignment

      This brief video (under 2 minutes) gives users a quick overview of their HootPhish assignment. If you’re unsure about the test or need guidance, this video will walk you through what to expect. ...

    • HowTo: The Benefits of CyberHoot’s HootPhish

      The Challenges of Traditional Phish Testing Traditional attack-based phishing tests have often felt punitive to end-users and cumbersome for MSPs to deploy. They require complex configurations like allow-lists, X-Headers, and PowerShell scripts just ...

    • The question box is blocking the text in the HootPhish email.

      Issue: The box is blocking the text in the HootPhish email. Solution: The box sits right under the piece of the email that needs to be analyzed, this this video explains and shows the HootPhish workflow: https://player.vimeo.com/video/1081541555

    • How the "Dark Web Report" and "Manager Compliance Report" Features work in the Power Platform in CyberHoot

      1. How does it work? Dark Web Reports: Whenever a new exposure to a user is found in the dark web, this report will be sent out to both Super Admins and Customer Admins. This report will only report on newly found exposures that have not been ...