Let's reduce employee click-rates by up to 100% together

Spear Shield Managed Phishing Simulations and real-time end-user awareness delivered as a fully-managed service has successfully helped customers reduce 70+% click rates to 0%.

Egress Defend Admin Dashboard

Example Email Security Risk Posture Admin Dashboard

A picture to demonstrate end-user cybersecurity training and awareness challenges

If your Secure Email Gateway is struggling to detect advanced phishing attacks, what chances do your employees have?

Cyber criminals are evolving their approaches to be able to evade traditional security defences. It's time we evolve our approach too.

But, my employees perform online cybersecurity awareness training... why isn't it working?

Employee workloads
Employees can now work from anywhere, on any device, at any time.
Busy employees dealing with stress, work pressures and targets may be more prone to rushing a decision
Static warning banners
'CAUTION: This Email is from outside of the organisation.'
Employees have become desensitised to generic email warning banners
Infrequent training
'next, next, next, next, complete.'
Employees struggle to remember un-engaging and infrequently delivered end-user awareness training
Harder to spot
Phishing attempts are becoming more sophisticated and harder to spot.
If Secure Email Gateways and IT Professionals are struggling to detect them, what chances does an average user have?

How does Spear Shield help organisations empower users and mitigate phishing risk?

Spear Shield have a 2-step approach to be able to help our customers identify human cyber risk in their organisation. If you'd like to learn more, take advantage of our FREE email security assessment.


Step 1. Understand risk

πŸ”Ή Understand how susceptible your employees are to phishing attacks

πŸ”Ή Understand how many phishing emails are slipping through your SEG's net and into your employees inboxes

a picture to show how to understand email and user cybersecurity risk
a picture to show real-time enduser awareness training

Step 2. Finding a solution

πŸ”Ή Prove a solution can achieve the same results (if not, better!) than your current training programme before investing

πŸ”Ή Stop dragging employees away from their day jobs! Reduce operational costs + increase employee efficiency with real-time teachable moments


Spear Shield Managed Phishing Simulations &
Egress Defend Real-Time End-user Awareness Training

Name a better combination... we'll wait. 😏


Spear Shield Managed Phishing Simulation Service

Step 1: Template Design

Spear Shield's creativity knows no bounds!

All of Spear Shield's simulated phishing campaigns, landing and training pages are completely customisable. Spear Shield has multiple language choices available and ready to tailor to your organisation.

The most popular attacks we perform
πŸ”Ή Brand Impersonation
πŸ”Ή Company Impersonation
πŸ”Ή Social Engineering

Types of payloads
πŸ”Ή Links
πŸ”Ή Attachments
πŸ”Ή Credential Harvesting

Step 2: Reporting

Executive-ready reporting with all of the intelligence you require to provide cyber-assurance to your organisation.

πŸ”Ή Engagement Overview
πŸ”Ή % Click Rate
πŸ”Ή No. of Credentials Harvested
πŸ”Ή Individual Campaign Performance
πŸ”Ή Device Breakdown
πŸ”Ή Caught-User Breakdown
πŸ”Ή User Behaviours Insights
πŸ”Ή Consultative Recommendations

Managed Phishing Simulation Report Example

Egress Defend Real-Time End-User Awareness Training

Egress Defend 1-min overview

β€œThe team at Spear Shield have raised the awareness of cybersecurity within our organisation which has led us to empower and educate our staff around the importance of cyber risk.”

Egress Defend

Protect against data breaches with intelligent detection

Sophisticated attackers know how to bypass the most common phishing detection approaches. Intelligent phishing detection helps you:

anomaly_detectπŸ”Ή Protect against data breaches
 Intelligent email inspection learns email behaviour patterns and detects anomalies and sophisticated phishing threats.

Icon_bannersπŸ”Ή Empower users and reduce friction 
Contextual, colour-coded warning banners provide teachable moments and risk mitigation without unnecessary disruptions.

icon_overheadπŸ”Ή Reduce administration overhead
A cloud-based architecture and self-learning detection technologies reduce configuration and ongoing maintenance workload.

Egress Defend - Top Features
Behavioural and linguistic analytics
Is the attacker using emotional manipulation? How are they asking? Is there a sense of urgency?
Social graphing technologies
Forms one of the many layers in place. Detect first-time communications, display name anomalies, spoofed email addresses and unusual IP's.
Real-time user warnings
Immediately alert your users to a threat, without distracting them from their workflow.
Intuitive display panels
The technology explains why the phishing email is dangerous in plain human language, offering active learning for the user that reduces reliance on time-consuming and costly training programmes.

Shaped by GCHQ

Egress Defend has been shaped by GCHQ to provide advanced detection capabilities that stop phishing early. Armed with Spear Shield's Managed Phishing Simulations service, your organisation can release key resources to focus on other threats and empower your employees to become cyber advocates who can identify future breaches.

Egress Defend anti phishing Methodology

Winner of the 2022 Global Infosec award for most comprehensive anti-phishing solution .


How is it licensed?

Spear Shield are an Egress Gold Partner. We have access to the best commercials available and are set-up as both a VAR (Value-Added Reseller) and MSP. This means, we can accommodate all preferred working styles and budget types.

a picture to show Spear Shield's Managed Phishing Simulation Service

Spear Shield Managed Phishing Simulation Service

Per no. of Mailboxes

Phishing Frequency Available:

One-off, Weekly, Monthly, Quarterly

  • Phishing Simulations delivered as a Managed Service
  • Up to 4 customised phishing templates per campaign
  • Fully customisable Employee Landing Pages
  • Full Detailed Reporting
A picture to show Egress Defend as a solution

Egress Suite - Mitigating Inbound and Outbound Email Threats

Per no. of Mailboxes/yr


Egress Protect
Egress Prevent
Egress Defend

  • Real-Time Teachable Moments
  • ICES Integrated Cloud Email Security
  • Accidental Send Prevention
  • DLP Data Loss Prevention
  • Secure Email Encryption
  • Large File Transfer

Learn how we can empower your users and crush phishing together.

Schedule a chat for a time that suits you with a member of the Spear Shield team today.


Phish fighting, threat hunting, cyber risk mitigation experts.

Based in Ipswich, Suffolk. Spear Shield are a team of cybersecurity risk and mitigation experts who align their award-winning solutions and services to help businesses solve their cybersecurity challenges.

A picture to demonstrate Spear Shield fighting cyber crime in Ipswich Suffolk

Yup, you read that right.

Free cybersecurity services that the security experts at Spear Shield can provide to help you identify business risk and prove our value as either an existing or future new cybersecurity partner.

  • Free Phishing Campaign

  • Network Visibility Assessment

  • Mobile Security Risk Assessment

  • Secure Email Gateway Assessment

  • Public Cloud Security Assessment

84% of businesses were hit with successful phishing attacks last year

Test and understand your employees cybersecurity awareness and risk with a fully managed phishing simulation delivered by Spear Shield.

What's the catch?

There isn't one. If you're an existing customer - this is limited to 1 per customer. If you're a new customer, we'd just like the opportunity to prove our value as a potential future supplier.

Learning how to defend your digital terrain starts with understanding what's on it.

You cannot secure what you cannot see. Allow the security experts at Spear Shield to perform an agent-less visibility assessment to help you understand EVERYTHING that is connected to your network, in real-time. 

What's in scope?

Everything. IT, IoT, OT and IoMT.

Every personal and business-owned mobile device is a gateway to business data and your network.

Understand the mobile security risk that faces your organisation with a free 2-week engagement.

Types of Mobile Risk:

Man-in-the-Middle attacks
Unsecured WiFi
Malicious Proxies
Malware apps
App permission abuse
OS exploits
Vulnerable configuration

But we have BYOD...

Don't worry, we have you covered! Mobile Security designed with user privacy in mind.


89% of IT Leaders voice frustrations with their Secure Email Gateway (SEG)

Let the team at Spear Shield help you identify suspicious emails that may be slipping through the net and give you visibility into your supply chain health with a free 2-week Email Security Risk Assessment.

Detect, respond and prevent the security and compliance gaps that could be leaving you exposed...

Included with every assessment:

  • Network Visualisation – complete visualisation of public cloud environments, with detailed asset inventory
  • Audit-ready reports – compliance and security best practice reports for leading standards
  • Recommendations – remediation paths for any identified security and compliance gaps placing you at risk


Everything you need to know about Spear Shield's Managed Phishing Simulation and Real-Time end-user awareness training service.

Does Spear Shield provide phishing simulation templates?

Yes, we do. Spear Shield Phishing Simulations are completely managed. We have many phishing templates pre-built and available to choose from and also own several custom domains. We continuously monitor the latest trending threats and ensure all of our out of the box templates are relevant and up to date to be able to provide the most realistic experience for your users as possible.

Can Spear Shield create a custom phishing campaign tailored to my organisation?

We sure can! Spear Shield offer complete customisation and can create hyper-personalised phishing campaigns tailored to your organisation. Including CEO Impersonation Attempts, Brand Impersonation attempts from 3rd party business partners, to anything you can think of! The team welcomes the opportunity to get creative with our phishing template designs.

What phishing attack payload options does Spear Shield have?

Spear Shield can create phishing campaigns with links, credential harvesting and attachments.

Is there anything I need to do to prepare for the phishing simulation?

Spear Shield will provide guidance on any steps required to ensure the emails deliver to your employees inboxes. Other than that, you can sit back, relax (just kidding... you have plenty of others things to do!) and wait for the reporting session.

Can Spear Shield test multiple domains?

Yes, we can.

Can Spear Shield perform SMSishing simulations?

Coming soon... It's an area we're currently evaluating. If you have an interest in performing a SMS phishing simulation on your employees - please do let us know.

What happens when an employee clicks a phishing link?

Spear Shield will provide their advice and recommendations on landing pages on a case-by-case, per campaign basis. Any landing pages created will have the phished employee in mind and we will always find that sweet spot between being informative and keeping it a positive experience for your users.

Does Spear Shield provide user training is a user clicks a link?

Spear Shield has end-user awareness training content readily available. All phishing simulation landing pages are completely customisable and can include your corporate branding to provide assurance to your users that this was just a security exercise and not a real attack.

I have my own training portal, can I send my users there after they click?

Yes, if you own your own training portal and would prefer to direct users to an internal LMS platform, Spear Shield can tailor the landing page accordingly.

What are the different types of phishing attacks?

Email Phishing
The attacker sends an email that looks legitimate, designed to trick the recipient into either entering information in reply or on a site that they can use to steal their data or to gain access to their device/network.

Spear Phishing
Spear phishing involves targeting a specific individual in an organisation to try to steal their login credentials. The attacker often first gathers information about the person before starting the attack, such as their name, position, and contact details.

Vishing is short for 'voice phishing'. This is when someone uses the phone to try steal information from their victim. The attacker may disguise themselves as a trusted friend, relative or business contact.

HTTPS Phishing
An HTTPS phishing attack is carried out by sending the victim an email with a link to a fake website. The site may then be used to fool the victim into entering confidential information.

Pop-up Phishing
Pop-up phishing often uses a pop-up about a problem with your computer's security or some other issue to trick you into clicking. You are then directed to download a file, which ends up being malware, or to call what is supposed to be a customer support centre.

A whaling attack is a phishing attack that targets a senior executive in an organisation. These individuals often have access to sensitive areas of the network, so a successful attack can result in access to valuable information that can be used for ransomware and exploitation.

Social Engineering
Social engineering attacks pressure a victim into revealing sensitive information by manipulating them psychologically.

Angler Phishing
Anglers use fake social media posts to get their victims into providing login info or downloading malware.

Smishing is phishing through some form of a text message or SMS.

Main-in-the-Middle (MTM) Attacks
With a man-in-the-middle attack, the hacker gets in 'the middle' of two parties and tries to steal information exchanged between them, such as account credentials.

Website Spoofing
A hacker creates a fake website that looks legitimate. When you use the site to log in to an account, your data is collected by the attacker.

Domain Spoofing
Also referred to as DNS spoofing, is when a hacker imitates the domain of a company - either using email or a fake website - to lure the victim into entering sensitive information.

Image Phishing
Image phishing uses images with malicious files in them meant to aid an attacker in stealing your account info or infecting your device.

Search Engine Phishing
A search engine phishing attack involves an attacker making fake products that looks attractive. When these pop up in a search engine, the target is asked to enter sensitive information before purchasing, which goes to the hacker.