At CybSafe, we take an intelligent approach to phishing simulations. CybSafe simulated attacks use algorithms to serve automated, but personalised phishing to understand strengths/weaknesses for every person in an organisation

Provided that the phishing functionality is turned on, CybSafe will periodically send phishing emails to individuals registered on the platform. CybSafe Administrators can determine how many emails are sent within a given time period.

Tracking Simulated Phishing Emails

CybSafe phishing tracks the "opens" of an email using a unique hidden image pixel to record an open event. This however has some technical limitations:

• Depending on the security configuration of the mail client in use, it may automatically block the opening of images to protect users - so an open event is not captured

• Some inbound mail gateways open images automatically to scan the contents.  CybSafe uses algorithms to reduce the impact but it most be noted the opens could be impacted by this behaviour.

CybSafe uses to track email opens, clicks and bounces. Phishing emails will contain a mixture of unbranded, non-offensive content. 

The sender domain will always be but with a spoofed <from> address.

CybSafe do not send file attachments in emails. Emails do contain links, which contain a Send Grid URL shortener in the format:, which
resolve to

Users may be encouraged to enter data as part of the phishing simulation. CybSafe will only capture the fact that the form was filled in. At no point is input data recorded, analysed or retained in any way. Users who click through a phishing email are redirected to a learning page that provides information on the simulated attack and advice on how to avoid similar attacks in the future.

Still have questions?

If you still have questions, you can contact the CybSafe team via We’re on hand to help resolve any further issues!

Did this answer your question?