(Q1 2017 Features)

  • The world's largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters. (Diamond level)
  • A 15-minute module translated in 26 languages - cick to see the list.
  • On-demand, engaging, interactive browser-based training.
  • Create multiple training campaigns as ongoing or with a completion date
  • Automate enrollment and follow-up emails to “nudge” users
  • Allows you to create an effective “Human Firewall”
  • Hosted in our Cloud LMS, run the course in your own Learning Management System, or delivered as a Managed Service
  • Hints & Tips Security Awareness emails for compliance
  • Point-of-failure training auto-enrollment
  • Within one account, you can have multiple allowed domains (e.g. com, net, .org) snd users can sign up with any of the domains associated to an account
  • Industry's largest full-time content development staff
  • Visible training results: Phish-prone percentage™ for whole organization graphed over time in your console for reporting

Simulated Phishing Attacks 

After a year of helping our customers train their employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks, we decided to go back, and look at the actual numbers of 300,000 users over those 12 months. We aggregated the numbers and the overall Phish-prone™ percentage drops from an average of 15.9% to an amazing 1.2% in just 12 months. The combination of web-based training and frequent simulated phishing attacks really works.

Security Awareness Training


  • Initial free Phish-prone™ percentage test for 100 users (more on request)
  • Year-round all-you-can-eat simulated phishing attacks
  • Unlimited yearly use of all phishing templates
  • We create regular "Current Events" templates you can send to users
  • Set-it-and-forget-it scheduling of phishing campaigns
  • Full library with 500+ successful phishing templates
  • Easily create your own templates
  • Community Templates: share and use other people’s phishing templates
  • Customizable phishing attacks
  • Customizable landing pages
  • Phishing Security Test email reports sent to admin at the end of a phishing campaign
  • “Anti-prairie dog” campaigns which send random templates at random times
  • Ability to skip weekends in campaigns and assign time zone and working hours
  • New Office templates with macros to simulate ransomware attacks
  • GEO-location - See where your simulated phishing attack failures are on a map, with drilldown capability and CSV-export options.
  • Vulnerable Browser Plugin Detection, automatically detect what vulnerable plugins any clickers on your phishing tests have installed in their browsers
  • Ability to create templates that emulate spoofed CEO Fraud attacks
  • Automatic "Scam Of The Week" Campaign - sent to all employees
  • "Phishing Reply Tracking" allows you to track if a user replies to a simulated phishing email and can capture the information sent in the reply


  • Social Engineering Indicators™ patent-pending technology, turns every simulated phishing email into a tool you can use to dynamically train employees by instantly showing them the hidden red flags they missed within that email
  • EZXploit™ is a patent-pending functionality that allows an internal, fully automated "human pentest"
  • USB Drive Test™ allows you to test your user’s reactions to unknown USBs they find
  • Targeted spear-phishing campaigns, replace fields with personalized data
  • “Click Only” and traditional Data Entry of sensitive information (credentials)
  • Customized scenarios based on public and/or personal information
  • Tests for opening MS Office Attachments: Word, Excel, PPT, and PDF (also zipped)
  • Variable phishing campaign length, max six months
  • Summary Information about all phishing campaigns
  • Free Phishing Attack Surface Analysis of emails belonging to your domain
  • Phish-Prone Percentage Comparison for different user groups
  • Program trend reporting
  • Vishing Security Tests using IVR attacks over phone (Gold level, available for U.S. and Canada only)
  • Customizable “hover-links” when a user "mouse-overs"
  • Multi-domain accounts for admins or MSPs who manage multiple organizations (no extra charge)
  • Top 10 Criminal Phishing Emails of the week - defanged and ready to send to employees


  • Training reports for all users or a specific group (who started, completed, started but never finished) 
  • Details on enrollment %, course started %, incomplete %, completed course, acknowledged security policy
  • Filter campaigns on recipient, delivered, opened, clicked, attachment, data entered, bounced, in CSV
  • Specify user needs to “Read and Attest” Security Policy for compliance
  • Individual user "report cards" with their “open and click” history 
  • Reports on browser / device used to open a phishing email and vulnerable browser plugins the user has installed
  • Top 50 clickers report
  • Print to PDF so reports can be sent to management
  • Personal time-line overview for every individual user
  • Phishing Reply Tracking reports with who answered and what they said
Security Awareness Training Reporting

Additional Features

  • NEW: KnowBe4 Active Directory Integration (datasheet)
  • Upload users as flat text, or as CSV with Groups functionality
  • Full time dedicated U.S.-based support through phone and email
  • 2-Factor Authentication option for both users and admins
  • Full and partially managed options, we can run this program for you
  • Phish Alert Button gives your users a way to report simulated and non-simulated phishing attacks 
  • Bulk delete users using a CSV file (not needed with AD integration)
  • Training and phishing history are archived even when users are deleted
  • Supports single sign-on using Security Assertion Markup Language 2.0 SAML
  • Support for OKTA identity management
  • Support for Windows Azure Active Directory 
  • Crypto-ransom guarantee

Features Being Worked On Now:

  • AIDA (Artificial Intelligence Driven Agent™) BETA which combines phishing, vishing, smishing in to a new social engineering attack vector coined as "aishing™". You can participate in this beta when you are a KnowBe4 customer with an active subscription.

Find out how affordable this is for your organization. Get a quote now.

Get A Quote
Request A Demo

Related Pages: Kevin MitnickSecurity Awareness Training

Get the latest about social engineering

Subscribe to CyberheistNews