Teachers, front office, payroll, and administrators handle student records and district money all day — and attackers know exactly when report cards, W-2s, and tuition payments go out. ScamDrill drills your staff with the scams that target schools.
Transparent pricing on the organizations page · cancel anytime
Education combines sensitive records, public staff directories, and lean IT — a combination attackers like.
A child's identity can be misused for years before anyone notices. Staff who handle records protected by FERPA are a standing target for credential phishing.
Attackers time payroll-diversion and gift-card scams to enrollment, W-2 season, and grant deadlines — and your staff directory is usually on the website.
One technologist covering hundreds of staff can't also run an awareness program by hand. Automation has to do the repetition.
Train front office, teaching, and administrative staff with scenarios they'll actually recognize.
Superintendent impersonations, fake payroll-portal logins, vendor invoice swaps, and parent-impersonation emails — over email and SMS.
Group staff by building or function — front office, payroll, teachers — and see which groups need more practice.
Drills spread across the semester on your calendar, not dumped on staff during finals week.
Awareness modules with per-person completion records, ready for the district office or your auditor.
Staff who click get an immediate, private lesson — the tone is coaching, not gotcha. That matters in a faculty lounge.
Pricing is on the website, billed without surprises, with a 30-day free trial to show value before a purchase order.
Schools don't just lose money in a breach — they lose families' trust.
Staff with access to education records are the gatekeepers FERPA assumes. Training the people with the keys is the practical control, and completion records show the district took it seriously.
Exportable training and simulation reports give superintendents and school boards a concrete answer to "what are we doing about phishing?"
Most teams send their first simulation the same day they sign up.
Self-serve signup with a 30-day free trial — no procurement dance to start evaluating.
CSV upload from your SIS or HR export. Group however your school actually works.
Pick scenarios and spread drills across the term, skipping testing weeks.
Completion certificates and trend reports, exportable for the board.
Staff. ScamDrill for organizations trains the adults who handle records, payroll, and money — the people attackers actually email. (Families who want to train kids and grandparents use our separate family plans.)
Yes. Campaigns run on dates you choose, so drills can follow the term calendar and avoid exam weeks or breaks entirely.
The design works against that: lessons after a missed drill are private and explanatory, and reporting emphasizes group trends. Many schools frame it as professional development, not testing.
No. ScamDrill only needs staff names and work emails (plus phone numbers if you enable SMS drills, with each person's consent). Student records never touch the platform — see our security page.
Plans are priced by organization size and published on the organizations page. Multi-school districts can contact us about structure.
Start with the 30-day free trial and have your first staff drill out this week.