At CybSafe, we take an intelligent approach to phishing simulations. CybSafe simulated attacks use algorithms to serve automated, but personalised phishing to understand strengths/weaknesses for every person in an organisation

Provided that the phishing functionality is turned on, CybSafe will periodically send phishing emails to individuals registered on the platform. CybSafe administrators can determine how many emails are sent within a given time period.

CybSafe phishing tracks the "opens" of an email using a unique hidden image pixel to record an open event. This however has some technical limitations:

We use email service SendGrid to track email opens, clicks and bounces. Our simulated phishing emails contain non-copyright brands, with non-offensive content. 

The sender domain will always be cs-mail-sender.com but with a spoofed <from> address.

The tracking url will always contain https://u6197305.ct.sendgrid.net from SendGrid, where only CybSafe are authorised to use this subdomain. For secure use in an allow list, we recommend to include the subdomain: u6197305.ct.sendgrid.net

CybSafe do not send file attachments in emails.

Users may be encouraged to enter data as part of the phishing simulation. CybSafe will only capture the metadata surrounding the event, at no stage is input data recorded, analysed or retained in any way. Users who click through a phishing email are redirected to a learning page that provides information on the simulated attack and advice on how to avoid similar attacks in the future.

In addition to the allow list of domains/IP addresses, CybSafe emails always contain HTML with the following signature:

The HTML shown in BOLD will always be present, so email triage can be automated with an HTML body search for “cs-unique-ref”.

If you still have questions, you can contact the CybSafe team via support@cybsafe.com. We’re on hand to help resolve any further issues!