After your baseline test, your users may ask you questions about the simulated phishing email they received and some users may not have known a simulated phishing test took place. As a best practice, we recommend that you email your users to explain what the baseline test was and stress the importance of security awareness training. You may want to include the results of the test or warn your users that more phishing tests are on the way. 

Below we have provided you with a sample email that you can use as a template for composing your own email. Be sure to review and change the example text to align with your organization and security awareness plan.

You may be aware that we recently ran a simulated phishing test. The purpose of this test was to determine how our organization would react if a real phishing attack were to occur. The percentage of users who clicked the link in this simulated attack was [XX] percent.

Phishing is a type of cybercrime where hackers try to gain access to your personal information such as usernames and passwords. To help combat the rise in cybercrime like phishing attacks, we decided to partner with KnowBe4. All employees will be enrolled in KnowBe4’s security awareness training. 

You will receive an email inviting you to take KnowBe4’s security awareness training. We will also continue to send out simulated phishing tests so you can practice the skills that you will learn during your training. Be on the lookout for these emails in your inbox.

We depend on you as the last line of defense against cybercrime.

Thank you,

John Doe

Organization Name

For more information on our best practices for security awareness training, please see our Best Practices Guide.