SMPhish
Phishing Simulation for Email & WhatsApp: Identify Vulnerabilities, Build Stronger Defenses
What is Phishing Simulation?
A phishing simulation is a controlled security test: a company sends fake phishing emails or messages to employees to measure how vulnerable they are to real attacks, then trains those who fall for it. SiberMate delivers this across two channels through two features — SMPhish for email and WaPhish for WhatsApp, one of the most common attack channels in Southeast Asia.
Measure and Reduce Phishing Email Vulnerability
Go Live in Minutes
Launch phishing simulations quickly with personalized content to address each employee’s unique weaknesses.
Realistic Templates
Choose from 3,000+ ready-to-use templates inspired by well-known brands, or create your own using a custom builder.
Auto-Phish
Improve productivity with automated, recurring phishing simulations.
Detailed Reporting
Analyze simulation performance across employees, departments, and the entire organization.
Spear-Phishing
Run targeted phishing campaigns that simulate internal employee communications.
Follow-Up Training
Automatically educate employees who fall for simulations and reinforce learning with continuous training.
WhatsApp Phishing Simulation (WaPhish) — Beyond Email!
Most global phishing-simulation tools only test email. Yet in Southeast Asia, WhatsApp is the number-one communication and attack channel. WaPhish tests employees directly through realistic WhatsApp phishing (smishing) scenarios using local lures.
Ready-made templates
Ready-made WhatsApp templates that you can also customize to your own scenarios.
Realistic local lures
Lures such as parcels, banks, prize scams, blocked accounts that target employees every day.
Measure risk
Per-employee risk scoring from each simulation, so you can focus training on the most vulnerable.
Steps to Stronger Phishing Resilience
Launch Simulations in Minutes
- Easily upload or sync employee email directories
- Use ready-to-use phishing templates
- Create simulations with in-app guided workflows
Monitor Phishing Vulnerability Continuously
- Automate periodic phishing simulations (Auto-Phish)
- Test multiple phishing techniques and attack scenarios
- Receive weekly summary reports
Run Spear-Phishing Simulations
- Create templates for specific targets
- Edit and customize existing templates
- Create and use spoofed domains
Apply Microlearning Automatically
- Video-based and interactive training modules
Frequently Asked Questions About Phishing Simulation
What is a phishing simulation?
A phishing simulation is a controlled security test that sends fake phishing emails or messages to employees to measure how vulnerable they are to real attacks, then trains those who fall for it.
What is a WhatsApp phishing simulation (smishing)?
WhatsApp phishing simulation mimics scams delivered through WhatsApp messages (smishing). At SiberMate, the WaPhish feature tests employees specifically on the WhatsApp channel — separate from SMPhish, which tests email — because WhatsApp is a primary communication channel in Southeast Asia.
How often should a phishing simulation run?
Ideally on a regular cadence, such as monthly or quarterly. The Auto-Phish feature runs periodic simulations automatically so resilience is measured over time.
Is a phishing simulation safe and ethical for employees?
Yes. The goal is educational, not punitive. Employees who fall for a simulation are guided to short microlearning, and simulation data is used for training, not penalties.
What is the difference between email and WhatsApp phishing?
Email phishing arrives in the inbox, while WhatsApp phishing (smishing) comes through instant messages with local lures such as parcels, banks, or prize scams. SiberMate tests email via SMPhish and WhatsApp via WaPhish, each with per-employee risk scoring.
