Skip to content Skip to navigation Skip to footer

Phishing Simulation Service

Train Your Employees to Recognize and Report Phishing and Other Email Threats

Download Data Sheet
Phishing Simulation Service
banner background banner dots


Because email remains a primary threat vector for malicious actors, you need to educate and test your employees to be able to identify email-based threats.

FortiPhish Phishing Simulation

Fortinet FortiPhish is a phishing simulation service to test your employees against real-world phishing techniques. The tests are based on the latest research by FortiGuard Labs, Fortinet’s elite cybersecurity threat intelligence organization. With phish testing as part of your broader security awareness program, your employees can learn to recognize, avoid, and report email-based cyberthreats including phishing, impersonation, Business Email Compromise, and ransomware.



Per-mailbox/user subscription

Phish Templates


Basic templates

Event-specific templates

Custom templates

Point-of-click education pages

Phish Alert Button (PAB)

Integration with Fortinet Security Awareness and Training Service*

Risk and Reporting


Post-campaign reports

Campaign risk grades

Language Support


Multi-language – Admin

Multi-language – Templates

User Definition


User definition – Manual/CSV

User definition – LDAP

Administrators can see the rates at which emails were opened, clicked, submitted, executed, replied to, and reported.

Granular Reporting

FortiPhish provides detailed visibility into campaign results. Administrators can drill down into progress and results to clearly see how employees are performing against a phish campaign.

An example custom phish template. Update email title, subject, sender name, sender email, clicking behavior, redirect URL, attachments, user reply tracking, and email body

Custom Phish Builder

Create custom phish emails that tie into specific areas of concern that you want to test employees against (Ex. a fake message coming from your HR department, an email exploiting news of an internal event, or a spoofed message from your CEO).

Phish alert button

Phish Alert Button (PAB)

Building a culture of cyber awareness across your employees means providing them the tools and encouragement to report suspicious emails.

Risk grades on a scale from A to F

Campaign Risk Grades

Risk Grades help you get an immediate understanding of overall campaign performance and how well your employees are doing in spotting, avoiding and reporting a phish test.

Simple phish tests will contain obvious indicators such as incorrect grammar, odd punctuation, and hanging characters. Meanwhile, challenging tests may have no visually obvious indicators and require employees to look for less obvious indicators (ex. hovering over web links) as well as contextual clues.

Difficulty Levels

As your employees get smarter, increase the difficulty level for each phish test. Phish difficulty levels include Simple, Moderate and Challenging levels.

FortiPhish Use Cases

Features and Benefits


Includes out-of-the-box, editable phishing templates—or you can create your own.


Integrates smoothly with your existing user directory.


Leverages the Fortinet Security Awareness and Training service to address problematic behavior.


Tests your entire workforce with translated templates ready for use.


Enables full visibility into campaign and user performance, plus associated risk.


Challenges employees by making phish testing harder as your employees get smarter.