• Ipswich, Suffolk HQ Cybersecurity partner Spear Shield, customer testimonals

    Phishing as a Service

    Gain valuable insight into the human-layer of cyber risk in your organisation and help promote cybersecurity awareness with your employees with Spear Shield's Managed Phishing Simulation Service.

What are the benefits of running regular phishing campaigns?

Gain visibility into the human-layer of risk in your organisation

Understand which users or business functions may benefit from additional security

Help drive cybersecurity awareness at C-Suite and Board Level

To create and raise a positive cybersecurity culture and awareness in your organisation

How does it work?

Spear Shield has a 4-step approach to running a phishing campaign. Resource required from your IT team is minimal, which is why outsourcing Phishing Simulations as a service is so popular.

Step 1. Choose a campaign

All of Spear Shield's simulated phishing campaigns, landing pages and training pages are completely customisable. You can either choose from a pre-built template that's been designed based on the threat intelligence we have of real-world phish that has been able to evade detection from M365 and 3rd party Email Gateways or, we can create a personalised one targeting your organisation - at no additional cost.

Step 2. Make sure it hits the users inbox

The phishing campaign is designed to test your users' awareness, not your existing email defences. The team at Spear Shield will help you whitelist an IP and domain in Microsoft 365 or your 3rd party SEG.... and that's it! Resource and change control required is minimal.

Step 3. Schedule the campaign

The team at Spear Shield will provide guidance on when the best time to schedule and run your phishing campaign is.  They can be delivered as either 'a big bang approach' where we send the phishing email to all users' at one. Or, we can drip feed the emails to your users over a chosen period of time.

Step 4. Present results and user behaviour insight findings

Spear Shield will arrange a meeting to present the exec-ready reporting to provide user behaviour insights, campaign results and consultative recommendations for end-user security awareness and training best practice.

Spear Shield's portfolio of cybersecurity solutions and services

Our partnership with Spear Shield and Egress has empowered our end-users with the knowledge to determine whether an email is likely a phishing scam and given us the confidence to communicate through email securely and efficiently.

M. Barendrecht. Director of Technology and Systems at Hales Group

Spear Shield's portfolio of cybersecurity solutions and services

Types of Phishing Simulations?

Spear Shield has a wide range of different payloads and phish types available to ensure your campaigns are always relevant and to ensure they are an accurate reflection of real-world phish that evade detection from M365 and 3rd party email gateways.

QR Phishing Simulations

QR phishing, or QR code phishing, is a deceptive cyber tactic where attackers use QR codes to lead individuals to malicious websites or prompt them to disclose sensitive information. By disguising harmful URLs behind innocent-looking QR codes, attackers exploit trust in QR scanning for malicious purposes. These codes may appear in emails, on posters, or even in physical spaces. Vigilance is crucial to avoid falling victim to QR phishing and Spear Shield can help you identify the risk and raise user awareness via a QR phishing simulation.

Attachment Phishing Simulations

Attachment phishing involves cyber attackers sending deceptive emails with malicious attachments. These attachments often appear legitimate, enticing recipients to open them. Once opened, they can unleash malware, ransomware, or other harmful elements, compromising the recipient's device and potentially the entire network. Commonly disguised as invoices, documents, or seemingly innocuous files, these phishing attempts prey on unsuspecting users. Spear Shield can send attachment simulations to help you understand the risk and raise user awareness.

Impersonation Simulations

Impersonation phishing involves cyber attackers masquerading as trusted entities, such as colleagues, executives, or reputable organisations, to deceive individuals into divulging sensitive information or performing harmful actions. Attackers often use sophisticated social engineering tactics, manipulating email addresses or crafting messages that appear genuine. Employees may be tricked into sharing credentials, financial details, or executing malicious actions. Guard against impersonation phishing by questioning unexpected requests, verifying email addresses, and implementing multi-factor authentication. Identify the risk and help protect personal and organisational information from these deceptive attempts through a simulated impersonation phish.

Spear Phishing

Spear phishing is a targeted and highly personalised form of cyber attack where malicious actors tailor deceptive messages to a specific individual or organisation. Unlike generic phishing attempts, spear phishing involves in-depth research to craft emails that appear authentic and trustworthy. Attackers often use information about the target's interests, relationships, or work responsibilities to increase the likelihood of success. These emails may contain malicious links or attachments, aiming to compromise sensitive data or gain unauthorised access. Spear Shield can help tailor a Spear Shield to help you identify risk and raise user awareness in your organisation.

Brand Impersonation Simulations

Brand impersonation involves cyber attackers mimicking well-known and trusted brands to deceive individuals into taking actions that may compromise their personal information or security. Perpetrators often replicate official logos, websites, or communication channels to create convincing facades. Emails or messages appearing to be from reputable brands may request sensitive information, login credentials, or financial details. Spear Shield can help simulate a brand impersonation attempt to help you identify risk and raise user awareness.

User Baseline Awareness Simulations

Understanding your users' baseline awareness is an important first step in understanding the user risk in your organisation. Spear Shield will help work with you to ensure a fair assessment across all users', typically a baseline awareness campaign will be delivered in 'stealth mode' and will try stay under the radar to ensure a fair test across all employees.

Credential Harvesting Simulations

Credential harvesting phishing simulations is a proactive cybersecurity exercise designed to mimic real-world attempts by cyber attackers to illicitly obtain login credentials. In this simulated scenario, employees receive deceptive emails or messages that imitate legitimate sources, urging them to click on malicious links or enter sensitive login information. The simulation evaluates the organisation's susceptibility to credential harvesting techniques, helping identify potential vulnerabilities. By engaging in these simulations, employees gain hands-on experience in recognising and experiencing a phishing attempt, bolstering your organisation's defences against credential theft. Remember, hackers don't break in - they log in!

The team at Spear Shield have raised the awareness of cybersecurity within our organisation which has led us to be able to empower and educate our staff around the importance of cyber risk.

L. Parker. I.T. Systems and Infrastructure Manager at Magnus Group

What can I do after a test?

Running a phishing simulation exercise will help you identify risk and raise cybersecurity awareness in your organisation. Here's a few extra things you can do help support.

User Awareness Posters

Spear Shield will put together a user awareness poster that you can share internally via comms, upload to staff intranet, display on digital signage, etc to help raise awareness after each campaign and share the results in a manner that promotes positive enforcement for users' and avoids any type of name and shame.

Internal praise and recognition

It's important to provide internal praise and recognition for any users' who report the phishing simulations to I.T to ensure this positive security behaviour is continued when an employee may be faced with a real phish that has been able to evade detection from your security controls.

Additional training

Users' will benefit from point in time training that provides a full breakdown of the phishing email they've received with highlighted 'gotchas' to help them understand how they could have spotted that it was for a phish for next time. For Spear Shield customers that would like to build on this, speak to a member of the team about enrolling your users' into Spear Shield's Cyber Academy. 12 Month, tailored end-user awareness training programme.

Additional security controls

The team at Spear Shield will provide consultative recommendations if you feel your users' would benefit from additional security controls. Spear Shield specialises in helping organisations empower their users' and reduce their employee click-rates through an Integrated Cloud Email Security Layer (ICES) that is designed to augment M365. Spear with a member of the team about Egress Defend to learn more about the combined approach.

Spear Shield's portfolio of cybersecurity solutions and services

How can I enhance user awareness and mitigate risk?

Managed Phishing Simulation Service

Campaign Frequency Options:




Pricing based on number of users

Cyber Academy User Training

Tailored 12-month End-User Awareness Training Programme

Delivered as a fully managed service.

Pricing based on number of users

Real-Time End-User Awareness Training

Help change users' security behaviours by combing security awareness and training with real-time teachable moments and 'nudges' at the point of risk.

Pricing based on number of users

Phishing Threat Intelligence


Root cause of ransomware attacks is human-activated risk


Top targeted member of the board with phishing in 2023


QR Phishing Attacks up 600% in Q4 2023


of organisations had login credentials stolen. 

Achieving Security Outcomes Together

Spear Shield's portfolio of cybersecurity solutions and services


The team at Spear Shield have several year's experience working within both the private and public sector, have a very consultative approach and would welcome the opportunity to learn more about your organisation.

Why customers Secure with Spear Shield

Over 20+ Year's Experience

Working within the private sector, public sector and large enterprise to help organisations solve complex and advanced cybersecurity challenges.

Strategic Portfolio

The team at Spear Shield have done the hard work evaluating the market, understanding the pro's, con's of each solution and what's going to provide the best security outcomes and value for investment so you don't have to.

In-House Technical Expertise

Our customer's benefit from Spear Shield's in-house technical expertise for both pre and post-sales support

In-House Technical Expertise

Cyber criminals collaborate... so why shouldn't the good guys too? Spear Shield customers benefit from our regularly hosted Security Social.exe free to attend cybersecurity social and networking events. 

Let's crush the bad guys together!

Spear Shield has an award winning portfolio of cybersecurity solutions and services that can help keep your network, people and data secure.

Access to the best Commercials

Spear Shield's relationships and technical investment with our partners enables us to provide our customer's with the most competitive commercials available. 


Everything you need to know about Spear Shield.

Do I have to be a customer to attend a Security Social.exe event?

No you don't! Whilst we'd of course hope that one day you might be... Our Security Social events are to provide people with a platform to network. We've built a community of local based IT professionals in East Anglia and Edinburgh so far where people can come together to share cybersecurity challenges and advice for best practice with one another.

Does Spear Shield offer term-based licensing or MSP?

Here at Spear Shield, we can offer both! Consider us a hybrid MSP and VAR (Value added reseller). We are set-up with our vendors to offer our customers all options to ensure we can align our cybersecurity solutions and services with your preferred budget type. Please speak with the team for details.

Can Spear Shield supply public sector organisations through a procurement framework?

Yes! Spear Shield has routes to market including G-Cloud to be able to supply our public sector customers with our cybersecurity solutions and services. Please speak with the team for details.

Can Spear Shield work with Large Enterprise?

Yes! and we do. Our Team has many, many combined years experience working with some of the largest private sector enterprises across the country to help tackle and solve cyber risk. All of Spear Shield's cybersecurity solutions and services are scalable and enterprise-grade.

Does Spear Shield offer not-for-profit discount?

Yes, the Spear Shield Team will always ensure any eligible not-for-profit and public sector discounts are applied to any quotes for our cybersecurity solutions and services.

What are some of the top cybersecurity threats for 2023?

Here are some of the top cybersecurity threats organisations are facing in 2023. 

Social Engineering
Any network is hackable if an employee can be duped into sharing access.

Third-Party Exposure
Vendors, clients, and app integrations with poor security can provide access to an otherwise well-protected network.

Configuration Mistakes
Your cybersecurity investments are only as strong as they are configured correctly.

Human Activated Risk
User education and visibility for IT is essential to ensure those with network access and those handling sensitive data are maintaining cyber best practices.


Hackers are targeting back-ups and using extortion more and more to push receiving the ransom payment from their victims.

Mobile Devices

Every mobile device is a gateway to your network and sensitive business data.

Lack of resource and expertise

Human-led cyber attacks require human-led threat hunting. Unfortunately, skilled threat hunters are few and far between. 

Internet of Things (IoT)
Smart technology users may not realise that any IoT device can be hacked to obtain network access. Securing your network starts with understanding what's on it.

Is there any obligation when opting for a free cybersecurity service by Spear Shield?

No there isn't! The team will just use that as an opportunity for us to work together on a project and prove the value we can provide you as a future strategic partner.

How can I reduce my employees click-rate?

This is an area where the cybersecurity experts at Spear Shield thrive! We've worked with organisations to help reduce employee click rates from 70+% to 0% without the need for any end-user awareness training.

Online training content doesn't work.

Classroom based training gets forgotten.

Static email banners get ignored.

Speak with the team about real-time end-user awareness training to help mitigate the risk of a phishing attack in your organisation.

Why Spear Shield for Managed Detection Response Services?

The team at Spear Shield are an Award Winning Sophos Partner and have a combined 20+ years experience working with Sophos. Our relationship and technical investment, enables Spear Shield to offer our customers the most competitive commercials available. Sophos is one of the largest providers of MDR across the globe with over 17,000 + organisations using the MDR service and is what powers the Spear Shield 24/7 Managed Detection Response Service.

Why Spear Shield for a Managed Phishing Simulation Service?

Spear Shield's Managed Phishing Simulation Service provides our customers with managed phishing simulations and security awareness training for their users delivered as a fully managed services. Customers benefit from the tailored spear phishing examples that the Spear Shield team can tailor to your organisation and also base our templates on real-world phish that we see that are able to evade detection from 3rd party secure email gateways and Microsoft 365. After each campaign, customers benefit from receiving an executive ready report with all of the information and data required to be able to confidently articulate risk back to the business.

What's included in Spear Shield's Managed Phishing Simulation Service reports?

The cybersecurity experts at Spear Shield will provide you with executive ready reporting with all of the intelligence you require to provide cyber-assurance to your organisation.

- Engagement Overview
- % Click Rate
- No. of Credentials Harvested
- Individual Campaign Performance
- Device Breakdown
- Caught-User Breakdown
- User Behaviours Insights

- Industry Benchmarking
- Consultative Recommendations