ScamDrill sends realistic phishing simulations to your employees, measures their responses, and builds lasting security habits — all from one dashboard.
Comprehensive tools for managing security training at scale
Each employee gets simulations tuned to their own performance, not a one-size-fits-all curriculum. Weakness on a given persuasion tactic drives which simulation is sent next, and difficulty auto-progresses across three tiers. Admins see a per-tactic mastery heatmap and can pin a difficulty tier.
Business-focused templates including CEO wire transfer (BEC), Microsoft 365 password expiry, DocuSign requests, and vendor invoice fraud. Each one is tagged by difficulty, channel, and persuasion tactic so it reaches the right employee at the right time.
Group employees into departments and run targeted campaigns — BEC for Finance, credential harvesting for Engineering, social engineering for HR. A live 0–100 resilience score shows which teams are strongest and weakest, blending real drill performance with training results so you know where to focus next.
Create training campaigns that send simulations automatically on a schedule. Set frequency, choose templates, target specific departments or difficulty tiers, and pause or resume any campaign with one click, independent of the adaptive engine's cadence.
Generate detailed reports with per-employee data: simulations sent, click rates, report rates, risk scores, and annual web-based training (WBT) completion. Export as CSV for SOC 2, ISO 27001, HIPAA, and other audit frameworks. Included on every paid plan.
Business and Enterprise members can forward any suspicious email to check@scamdrill.com for instant AI-powered analysis. Returns a risk score, specific red flags, and a recommended action within seconds: no copy-paste, no separate tool, no extra login.
Enterprise REST API for integrating ScamDrill with your existing LMS, SIEM, or security tooling. Manage learners, fetch results, and receive webhook notifications for clicks and reports so your dashboards and analytics stay current in real time.
Assign a ~20-minute interactive WBT course to every employee once a year. Covers phishing and smishing fundamentals, includes short quizzes, and issues a printable certificate. ScamDrill tracks per-employee completion for SOC 2, ISO 27001, and HIPAA audits.
Single sign-on via SAML 2.0 or OIDC plus automated user lifecycle management with SCIM 2.0. Syncs directly with Okta, Azure AD, Google Workspace, and other identity providers. Available as an add-on on Business and Enterprise plans; included on Max.
Get your organization up and training in minutes
Set up in minutes. Invite your security admins to get started.
Invite by email, CSV upload, or directory sync from Okta, Azure AD, or Google Workspace. Organize into departments.
Select templates, set a schedule, target departments. Simulations start automatically.
Monitor click rates, report rates, and risk scores. Generate compliance reports.
A realistic example of the kind of email your team would actually receive — and the red flags we'd walk them through after.
"Please DocuSign: ACH banking update — vendor onboarding"
A finance "coworker" sends an envelope containing a fraudulent ACH change. The yellow REVIEW DOCUMENT button opens a fake Microsoft 365 login page that captures credentials, which are then used to push fraudulent wire transfers through accounts payable. DocuSign was the most-impersonated brand in workplace credential phishing in 2025.
See the full example →
Also covering family-focused scams that target your team's parents and teens — see all 3 simulation examples →
Choose the right plan for your security needs
Need something in-between or a custom plan beyond 10,000 seats?
Contact sales@scamdrill.com
FAQ
An admin creates an organization, invites employees by email or bulk CSV, and manages everything from a centralized dashboard. Employees receive simulations on their own cadence; the admin sees aggregate analytics, department breakdowns, training progress, and audit-ready reports across the entire team.
Yes — a one-time setup so simulated phishing lands in inboxes the way real phishing would, instead of getting flagged by your gateway. Our guided Email Delivery wizard walks your IT admin through a few clicks in Microsoft 365, Google Workspace, or your provider of choice. No DNS changes required to get started.
Yes, optionally. By default, simulations come from third-party lookalike domains we own — DHL-style shipping notices, DocuSign-style signature requests, and so on — which mirror real external phishing. For higher-realism internal pretexts (CEO BEC, IT helpdesk, payroll), your admin can pre-approve your own domain in the Email Delivery wizard, and those campaigns will land with your real domain in the From: header. Both modes use an explicit consent click and a full audit log of which sender domains you've authorized.
Realistic enough that click rates on first-month simulations typically match what attackers see in the wild — that's the point. Templates cover the highest-volume real-world pretexts (shipping notifications, document-share requests, Microsoft 365 admin alerts, voicemail notifications, invoice fraud, IT helpdesk tickets, payroll updates, CEO wire-transfer requests). Each simulation pairs a brand-correct visual layout with a sender domain that matches the pretext, and the educational debrief shown after a click teaches the specific red flags that template exercised.
Yes. Organize employees into departments and run targeted training campaigns that send specific simulation templates on a schedule. For example, you can run BEC pretexts for Finance, credential-harvesting campaigns for Engineering, and HR-themed lures for everyone during open enrollment.
Forward any suspicious email to check@scamdrill.com and receive an instant AI-powered analysis: sender authentication, content-pattern review, and link inspection — returning a risk score, red flags, and recommended actions within seconds. Included with all Business, Enterprise, and Max organization plans.
Every org plan — Team, Business, Enterprise, and Max — includes audit-ready reports with employee-level detail: simulation delivery records, click and report rates, risk scores, and annual web-based training completion. Reports export to CSV for SOC 2, ISO 27001, HIPAA, PCI-DSS, and other frameworks. Custom date ranges are supported, and Enterprise and Max customers can pull the same data via the REST API.
Enterprise and Max plans include a REST API plus webhook events for real-time campaign activity (sent, opened, clicked, reported). The same plans bundle SAML SSO and SCIM directory sync via WorkOS — works with Okta, Entra ID (Azure AD), Google Workspace, OneLogin, JumpCloud, and any SAML 2.0 IdP, so deprovisioning a user from your IdP automatically deactivates them in ScamDrill.
Yes, on Enterprise and Max plans. Customize primary and secondary colors, sender display names, and email footers across all training and notification mail. Full white-label mode removes ScamDrill branding entirely so simulations and report emails appear as internal training from your security team.
Explore a live demo of the organization dashboard with real data.
Launch Interactive Demo
Practical guides for security leaders at small and mid-sized businesses.
Stand up a working program in 30 days — templates, KPIs, and the debrief script.
What annual training misses — and what actually moves click rates down.
The five fraud categories driving the biggest losses in the IC3's 2025 annual report.
Receive updates on monthly scam trends, along with best practices to protect yourself and those you care about.