Phishing is the most common way PHI walks out the door. Accountable's phishing simulation gives you a baseline of how exposed your team is, and a continuous awareness program that quietly improves the score over time.
Two ways to use it
One-time test
A single send to your full team to see where you stand today.
Continuous campaign
Rolling sends on a schedule — weekly, monthly, quarterly, or every six months.
Setting up a campaign
Open Phishing Simulations
Under Security Testing in the left sidebar.
Choose a template
Templates are categorized by attack type (link click or credential harvest) and difficulty (easy, medium, hard). System templates ship with the product, and you can also create custom templates or have Compliance Copilot generate AI-powered templates tailored to your environment.
Pick the audience
Send to all employees, filter by role, or manually select individuals.
Set the cadence
One-time, or recurring (weekly, monthly, quarterly, every six months). Recurring campaigns stagger sends across the calendar.
Launch
The campaign moves through stages: draft → scheduled → sending → active → completed.
What happens when someone clicks
They land on an educational page, not a punishment. The page explains the red flags they missed (sender domain, urgency language, suspicious link). The click is logged for trend analysis, not blame.
Tracking results
Live results show who opened the email, who clicked, and who reported it as suspicious. Each campaign tracks:
- Open rate — Who opened the email.
- Click rate — Who clicked the link or entered credentials.
- Report rate — Who flagged the email as suspicious (the most valuable metric).
Individual employees also get a phishing score over time so you can see who's improving.
Reporting is the goal
What auditors look for
- Evidence that you run phishing simulations regularly
- Trends over time, not just snapshots
- Educational follow-up for users who click
- Documentation of the program in your Security Awareness policy