Phishing Simulation and User Awareness Training Service Description

Service Category - Email Protections

Availability - Now

Anti-Phishing training program are designed to help identify and reduce employee susceptibility to phishing and spear phishing attacks. The Queensland Government Cyber Security Unit (GGCSU) has established a suite of vendor provided Phishing Simulation and User Awareness Training resources delivered by Proofpoint, Inc. Anti-phishing simulations and continuous training methodology has been shown to reduce successful phishing attacks and malware infections by up to 90%.

Phishing Simulation and User Awareness Training is underpinned by a proven four-step approach detailed below:

  • Assess – The ThreatSim® Phishing Simulation platform enables agencies to assess how susceptible their employees are to phishing and spear phishing attacks. End users who fall victim to simulated attacks are automatically presented with ‘just-in-time’ anti-phishing training and guidance which identifies the warning signs that should have been picked up by the user and offers tips to help avoid future threats.
  • Educate - Security awareness training programs include targeted anti-phishing training as well as organisation-wide education. Phishing attack training approach and interactive training modules enable agencies to deliver effective cybersecurity education in a flexible, on-demand format that minimises disruption to daily work routines.
  • Reinforce - Reinforcing best practices is critical to improving information retention. The PhishAlarm® email reporting tool enables employees to report a suspicious phishing email with a mouse-click. Likewise, the PhishAlarm Analyzer® email prioritisation tool helps maximise the capabilities of PhishAlarm® and streamlines response and remediation efforts on reported emails.
  • Measure and Analyse Results - Tracking and analysis features deliver a range of reports that provide granular insights into the results of anti-phishing campaigns and training programs. Analysis tools help to shape simulated phishing campaigns and identify users who are likely to benefit from additional education.

Business Benefits

Phishing Simulation and User Awareness Training initiatives can help agencies to:

  • Protect against social engineering threats before they result in disruption of business operations.
  • Identify and protect against email phishing attacks which could result in reputational damage to your organisation.
  • Plan and practice how they might respond to different types of email phishing attacks in order to develop organisational resilience and readiness against cyber threats.
Government Benefits
  • Utilising this service will help to enable QG organisations to meet their obligations as specified under the Information security policy (IS18:2018) and improve cyber security maturity.
Technical Characteristics
  • Send simulated phishing, SMS and USB attacks using thousands of pre-built, modified or custom created (agency) templates.
  • Simulate link-based, attachment-based, and data-entry style attacks using features such as system click detection and random scheduling.
  • Send predefined and custom knowledge assessments on important cybersecurity and compliance topics to obtain a baseline on user security awareness knowledge.
  • Auto enrol end users that perform inadequately on simulated attack campaigns and knowledge assessments into targeted training programs.
  • Generate reports to identify targeted users, frequency and types of phishing attacks.
  • User Awareness Training modules can be easily integrated into most Queensland Government Learning Management Systems (LMS).
Eligibility and Funding

Entity Type



Queensland Government Agencies


No Cost

Statutory Bodies


On Application

Local Government



Government Owned Corporation (GOC)



Related Services

DMARC Monitoring Service

Agencies can utilise a vendor provided DMARC (Domain-Based Message Authentication Reporting and Conformance) service platform called DMARC Analyzer. The service allows organisations to monitor their email channels with greater visibility, enabling them to see what emails are being sent and received and the reputation of those emails. DMARC provides a method to block malicious emails being sent via an organisation’s domains to protect their clients and customers from spoofed domain messages and phishing attacks.

Phishing and Awareness CoP

The Phishing and Awareness Community of Practice (CoP) consists of an organised group of ICT professionals from Queensland Government agencies who meet on a regular basis to collaborate and share information, improve their skills, and actively work on advancing their general knowledge of phishing threats and user awareness initiatives.

Service Provisioning

Please contact your Qld Government Cyber Security Unit representative at stating the Service Description name in the email subject title.

Last Reviewed: 07 February 2022