Training (Q1 2018 Features)

  • The world's largest library of well over 500 security awareness training content items; including interactive modules, videos, games, posters and newsletters - with the Diamond level you get frequent, new fresh content
  • 6 foundational modules translated in 26 languages - Release Q1 2018 - and tons of other translated content. Get a free look at all of it in the ModStore
  • On-demand, engaging, interactive browser-based training
  • Create multiple training campaigns as ongoing or with a completion date
  • Automate enrollment and follow-up emails to “nudge” users
  • Allows you to create an effective “Human Firewall”
  • Hosted in our Cloud LMS, run the course in your own Learning Management System, or delivered as a Managed Service
  • Hints & Tips Security Awareness emails for compliance
  • Point-of-failure training auto-enrollment
  • Within one account, you can have multiple allowed domains (e.g. com, net, .org) and users can sign up with any of the domains associated to an account
  • Industry's largest full-time content development staff: 20+ people
  • Visible training results: Phish-prone percentage™ for whole organization graphed over time in your console for reporting
  • Enhanced Training Campaigns with "relative enrollment duration" feature
  • Certificate printing where users can view/download/print their own certificates after completing a course
  • Automatic SCORM delivery via console if you use your own LMS

Simulated Phishing Attacks 

January 2018, after 7 years of helping our customers to enable their employees to make smarter security decisions, we reached the milestone of 15,000 customers. At this point we decided to redo our initial April 2013 analysis of average Phish-prone percentages and this time also break them out by industry and size.

Now having a massive database to analyze, the new research uncovered some surprising results. The overall industry initial Phish-prone percentage benchmark turned out to be a troubling 27%.

Fortunately, the data showed that this 27% can be brought down more than half to just 13% in only 90 days by deploying new-school security awareness training. The 365-day results show that by following these best practices, the final Phish-prone percentage can be minimized to 2.17% on average. See the full webinar.



  • NEW Industry Benchmarking feature lets you compare your organization's Phish-prone percentage™ with other companies in your industry
  • Initial free Phish-prone percentage test for 100 users (more on request)
  • Year-round all-you-can-eat simulated phishing attacks
  • Unlimited yearly use of all phishing templates
  • We create regular "Current Events" templates you can send to users
  • Set-it-and-forget-it scheduling of phishing campaigns
  • Full library with 2,100+ successful phishing templates
  • Easily create your own templates
  • Community Templates: share and use other people’s phishing templates
  • Customizable phishing attacks
  • Customizable landing pages
  • Phishing Security Test email reports sent to admin at the end of a phishing campaign
  • “Anti-prairie dog” campaigns which send random templates at random times
  • Ability to skip weekends in campaigns and assign time zone and working hours
  • New Office templates with macros to simulate ransomware attacks
  • GEO-location - See where your simulated phishing attack failures are on a map, with drilldown capability and CSV-export options.
  • Vulnerable Browser Plugin Detection, automatically detect what vulnerable plugins any clickers on your phishing tests have installed in their browsers
  • Ability to create templates that emulate spoofed CEO Fraud attacks
  • Automatic "Scam Of The Week" Campaign - sent to all employees
  • "Phishing Reply Tracking" allows you to track if a user replies to a simulated phishing email and can capture the information sent in the reply


  • Social Engineering Indicators™ patented technology turns every simulated phishing email into a tool you can use to dynamically train employees by instantly showing them the hidden red flags they missed within that email
  • EZXploit™ is a patent-pending functionality that allows an internal, fully automated "human pentest"
  • USB Drive Test™ allows you to test your user’s reactions to unknown USBs they find
  • Targeted spear-phishing campaigns, replace fields with personalized data
  • “Click Only” and traditional Data Entry of sensitive information (credentials)
  • Customized scenarios based on public and/or personal information
  • Tests for opening MS Office Attachments: Word, Excel, PPT, and PDF (also zipped) and also HTML attachments
  • Variable phishing campaign length, max six months
  • Summary Information about all phishing campaigns
  • Free Phishing Attack Surface Analysis of emails belonging to your domain
  • Phish-Prone Percentage Comparison for different user groups
  • Program trend reporting
  • Vishing Security Tests using IVR attacks over phone (Gold level, available for U.S. and Canada only)
  • Customizable “hover-links” when a user "mouse-overs"
  • Multi-domain accounts for admins or MSPs who manage multiple organizations (no extra charge)
  • Top 10 Criminal Phishing Emails of the week - defanged and ready to send to employees


  • Smart Groups put your phishing, training and reporting on autopilot.  With the powerful Smart Groups feature, you can use each employees’ behavior and user attributes to tailor phishing campaigns, training assignments, remedial learning and reporting. Best of all, Smart Groups is a powerful ad-hoc, real-time query tool that you use to get detailed reporting for management.
  • NEW Reporting APIs enable you to customize and obtain reports by integrating with other business systems that present data from your KnowBe4 Console. Here is the documentation.
  • Training reports for all users or a specific group (who started, completed, started but never finished) 
  • Details on enrollment %, course started %, incomplete %, completed course, acknowledged security policy
  • Filter campaigns on recipient, delivered, opened, clicked, attachment, data entered, bounced, in CSV
  • Specify user needs to “Read and Attest” Security Policy for compliance
  • Individual user "report cards" with their “open and click” history 
  • Reports on browser / device used to open a phishing email and vulnerable browser plugins the user has installed
  • Top 50 clickers report
  • Print to PDF so reports can be sent to management
  • Personal time-line overview for every individual user
  • Phishing Reply Tracking reports with who answered and what they said
  • Reporting APIs enable you to customize reports by integrating with other business systems to present your data from your KnowBe4 Console
Phishing Security Tests Report

Additional Features

  • Automated Security Awareness Program (ASAP), allows you to create a customized Security Awareness Program for your organization that will help you to implement all the steps needed to create a fully mature training program in just a few minutes!
  • Security Roles allows you to assign granular access control for users and groups within the KnowBe4 - Here is the Support Article 
  • KnowBe4 Active Directory Integration (datasheet)
  • Password-Less Logins
  • Anonymous Console Data for European Data Protection compliance
  • Upload users as flat text, or as CSV with Groups functionality
  • Full time dedicated U.S.- and U.K.-based support through phone and email
  • 2-Factor Authentication option for both users and admins
  • Full and partially Managed Service options, we can run this program for you
  • Phish Alert Button gives your users a way to report simulated and non-simulated phishing attacks 
  • Bulk delete users using a CSV file (not needed with AD integration)
  • Training and phishing history are archived even when users are deleted
  • Supports single sign-on using Security Assertion Markup Language 2.0 SAML
  • Support for OKTA identity management
  • Support for Windows Azure Active Directory 
  • Crypto-ransom guarantee

Features Being Worked On Now:

  • AIDA (Artificial Intelligence Driven Agent™) BETA which combines phishing, vishing, smishing in to a new social engineering attack vector we decided to coin as "AI-shing™". You can participate in this beta when you are a KnowBe4 customer with an active subscription.

Find out how affordable this is for your organization. Get a quote now.

Get A Quote
Request A Demo

Get the latest about social engineering

Subscribe to CyberheistNews