Skip to Content

PHISHING TEST

Who in your company would fall for an email scam?

Seven real scams, from the simplest to the ones that fool experienced professionals. Assess your company's exposure to each, and understand, with name and mechanics, how the attack happens. At the end, a sourced report to take to whoever decides.

Start the assessmentTalk to a specialist

THE THREAT CHANGED TARGET

The attack stopped aiming at the system and started aiming at people.

From large corporations to small companies, the challenge is the same: 91% of attacks begin with a phishing email (Deloitte), and artificial intelligence made these scams convincing enough to fool even the experienced. 62% of mid-sized companies already report that rise (Futurum Research, 551 leaders).

The question is no longer whether a scam will arrive, but who, in your company, would recognize it in time.

THE ASSESSMENT

Assess your company's exposure, scam by scam

Every company, from the large group to the lean team, lives with the same question: faced with a well-built scam, who would recognize it in time? For each scam below, indicate who in your organization would fall for it. The result measures the operation's exposure, not yours, and the calculation happens in your browser.

1
2
3
4
5
6
7

Scam 1 of 7

From: Microsoft account
Unusual sign-in activity on your account
We detected a sign-in to your account from a new device. If you do not recognize this activity, verify your account to keep it protected.

Who in your company would fall for this scam?

Traditional phishing. This is traditional phishing: a bulk email impersonating a known service to make you verify your account. Microsoft is the most imitated brand (KnowBe4, 2025).
From: SharePoint
A document was shared with you
A document was shared with you and requires your review. Sign in with your corporate account to open the file.

Who in your company would fall for this scam?

Fake login page. This is credential theft: the link opens a faithful copy of the login screen to capture your password.
From: IT Support
Your two-step verification is about to expire
Your account's two-step verification needs to be renewed. Scan the code with your phone to keep access without interruption.
[QR code]

Who in your company would fall for this scam?

Quishing (QR-code scam). This is quishing: the QR slips past the email filter and leads to a fake page on the phone. 56% impersonate a Microsoft verification reset (Keepnet).
From: Delivery Center
Your parcel is being held
Your parcel is being held due to a pending issue. Confirm your payment details to release the delivery today.

Who in your company would fall for this scam?

Brand impersonation. This is brand impersonation: it wears the identity of a known service (carriers like DHL are among the most imitated, KnowBe4).
From: Mark (Sales)
Update on the Almeida account proposal
As we discussed yesterday, here is the update on the Almeida account proposal. Could you review the attachment and confirm whether we proceed?

Who in your company would fall for this scam?

Spear-phishing (targeted attack). This is spear-phishing: the scammer researches the company and cites a real context. Personalized emails using the company name lead the clicks (KnowBe4, 2025).
From: Management
Confidential payment, are you available?
I am in a meeting and need you to push through a payment to a new supplier by the end of the day. It is confidential, deal only with me here. Can I count on you?

Who in your company would fall for this scam?

Executive fraud (BEC). This is BEC: it impersonates leadership, with urgency and secrecy, to divert a payment. It is the costliest financial scam, with annual losses in the billions (FBI Internet Crime Report 2024).
The video call that follows
Shortly after an email, you join a video call with your CFO and other colleagues. They all confirm, by voice and image, an urgent transfer. None of them are real.

Who in your company would fall for this scam?

Deepfake fraud (AI voice and image). This is a deepfake: the executive's voice and image recreated by AI. That is how Arup lost $25 million in 2024 (CNN, Fortune).

FROM ASSESSMENT TO DEFENSE

Continuous Phishing Training and Simulation

Your team stops being the weakest point and becomes the first line of defense, with the progress documented month by month and evidence that your company takes the matter seriously.

Reflexes do not change with a warning, they change with safe, recurring practice. With the program, your company gains:

  • Controlled, safe simulations in your environment, with the same lures you just assessed.
  • Tailored training for each employee, according to the type of scam they fall for.
  • The technical layer that backs the human one: email filtering that learns from billions of messages a month (Mail Assure, by N-able) and blocks the scam before the click.
  • Reports that document the progress, useful for leadership, the client and your insurer.

WHAT IF NOTHING CHANGES?

One click is enough, and the attacker chooses by ease

A single employee who mistakes a well-built lure for a legitimate email opens the door to data held hostage (ransomware) or to financial fraud. The global average cost of a breach reached 4.44 million dollars in 2025 (IBM Cost of a Data Breach Report 2025), and companies of every size are targets, because the attacker chooses by ease, not by size.

Start the assessment

For 15 years Zamak Technologies has sustained the defense of companies that cannot afford to stop. We operate with tools certified to SOC 2 Type II, ISO 27001, HIPAA and PCI-DSS (SentinelOne for advanced defense, Cove Data Protection from N-able for backup), as a Microsoft Solutions Partner and a member of the Addee Elite Group, with Great Place to Work recognition.

FREQUENTLY ASKED QUESTIONS

What companies ask before assessing their own exposure

It presents seven real email scams, in increasing order of sophistication, and asks you to assess who in your company would fall for each. For each scam, you find out the name of the attack and, in the material we send, how it really works, why it is easy to fall for and what comes next, with the sources. Instead of testing a person, it reveals the organization's exposure.

It takes about three minutes. No sensitive technical data is requested, and the calculation happens in your browser. To get the full material, we only ask for your name, work email and company.

It is the question that separates assuming from knowing. Most companies only find out who clicks on the day of the real attack. A controlled simulation turns that risk into safe learning, before the real attack comes due.

Yes. Filtering blocks most attacks, but social engineering exists precisely to fool the person, not the machine. That is why effective defense combines both layers: the technology that blocks before the click and the team trained to recognize what gets through.

Yes, that is exactly what it is for. The report explains each of the seven attacks in a presentable, sourced way, with the company's exposure and the path to protection, for you to print or forward to leadership and justify the decision.

NEXT STEP

Turn the biggest entry point into your first line of defense

You have seen how far the threat reaches your company. Now choose how you want to prepare the people who decide, every day, whether to click or not.

Book a meeting

A specialist reviews your company's exposure and shows how to prepare it against the most common scams in your industry, with no commitment.

Book a meeting

Explore the program

Continuous Phishing Training and Simulation: real simulation, tailored training and progress metrics.

Explore the program

Free General Assessment

Assess your operation's continuity and security across six domains.

Open the assessment

Updated June 2026 · Free tool by Zamak Technologies