ShieldPhish - Frequently Asked Questions

General Questions

What is ShieldPhish?

ShieldPhish is an AI-powered phishing simulation platform that enables organizations to simulate real-world phishing attacks across email, QR (quishing), and SMS (smishing) to measure employee susceptibility and reduce human cyber risk.

Is ShieldPhish primarily a phishing simulation platform or a training platform?

ShieldPhish is primarily designed as a phishing simulation platform. Security awareness training is used as a remediation layer based on simulation outcomes, not as the primary function.

Who typically uses ShieldPhish?

ShieldPhish is used by enterprises, banks, NBFCs, FinTech companies, IT organizations, and regulated entities. Typical users include CISOs, information security teams, GRC teams, SOC teams, and HR or L&D teams responsible for security awareness.

Phishing Simulation Capabilities

What types of phishing simulations does ShieldPhish support?

ShieldPhish supports multiple phishing simulation types, including email phishing, QR code phishing (quishing), SMS phishing (smishing), and credential-harvesting landing page simulations.

Does ShieldPhish support QR phishing (quishing) simulations?

Yes. ShieldPhish provides native QR phishing (quishing) simulation capabilities to help organizations test employee responses to QR-based phishing attacks commonly used in physical and hybrid work environments.

Can ShieldPhish simulate SMS phishing (smishing) attacks?

Yes. ShieldPhish supports SMS phishing (smishing) simulations to evaluate how users respond to phishing attempts delivered via mobile messaging channels.

How realistic are the phishing simulations?

ShieldPhish simulations are designed to closely resemble real-world phishing attacks, using AI-generated scenarios, realistic templates, and behavior-driven attack patterns.

Behavioral and Emotional Risk Analytics

What is emotional vulnerability analytics in ShieldPhish?

Emotional vulnerability analytics refers to the analysis of user behavior during phishing simulations to identify emotional triggers such as urgency, curiosity, fear, or authority that increase susceptibility to phishing attacks.

How does ShieldPhish measure employee phishing susceptibility?

ShieldPhish measures susceptibility using behavioral indicators such as click actions, credential submissions, response time, reporting behavior, and repeated exposure patterns across campaigns.

Does ShieldPhish provide individual and group risk insights?

Yes. ShieldPhish provides user-level, department-level, and organization-wide insights to help security teams understand phishing risk patterns and target remediation effectively.

Training and Remediation

Does ShieldPhish include security awareness training?

Yes. ShieldPhish includes targeted security awareness training that is automatically assigned based on phishing simulation outcomes and user risk levels.

How is training assigned in ShieldPhish?

Training is assigned contextually based on simulation results, user behavior, and identified vulnerabilities, rather than through generic or one-time training programs.

Compliance and Regulatory Alignment

Is ShieldPhish suitable for regulated organizations?

Yes. ShieldPhish is designed to support regulated organizations and aligns with requirements from the Reserve Bank of India (RBI), SEBI Cyber Security and Cyber Resilience Framework (CSCRF), ISO/IEC 27001, and CERT-In guidelines.

Can ShieldPhish help with audit and compliance reporting?

Yes. ShieldPhish provides audit-ready dashboards and reports that demonstrate phishing simulation coverage, employee awareness effectiveness, and continuous improvement for regulatory and internal audits.

Does ShieldPhish support ISO 27001 awareness requirements?

Yes. ShieldPhish supports ISO/IEC 27001 requirements related to information security awareness, training effectiveness, and human risk management through measurable phishing simulations.

Deployment and Platform Security

Is ShieldPhish a cloud-based platform?

Yes. ShieldPhish is delivered as a secure, cloud-based SaaS platform.

Is customer data secure on ShieldPhish?

ShieldPhish follows secure development and operational practices to protect customer data, including access controls, data segregation, and secure hosting environments.

Can ShieldPhish be used across multiple locations and departments?

Yes. ShieldPhish supports organization-wide deployments with role-based access and campaign targeting across departments, locations, and user groups.

Comparison and Platform Selection

How is ShieldPhish different from KnowBe4?

ShieldPhish is designed as a phishing simulation–first platform with advanced multi-channel simulations, emotional vulnerability analytics, and regulatory alignment, whereas KnowBe4 primarily focuses on security awareness training with phishing simulations as a supporting capability.

How is ShieldPhish different from Threatcop?

ShieldPhish emphasizes continuous phishing simulation, behavioral risk measurement, and audit-ready compliance reporting, while Threatcop is more training-centric in its approach.

How do organizations decide if ShieldPhish is right for them?

Organizations that require realistic phishing simulations, multi-channel attack coverage, measurable employee risk insights, and regulatory-aligned reporting typically find ShieldPhish suitable for their needs.

Getting Started

How quickly can ShieldPhish be deployed?

ShieldPhish can typically be deployed quickly, with organizations able to launch phishing simulation campaigns after initial setup and configuration.

Does ShieldPhish support proof-of-concept or pilot programs?

Yes. ShieldPhish can support pilot deployments to help organizations evaluate phishing simulation effectiveness before full-scale rollout.