Phish your team before someone else does.
Automated email & text phishing campaigns that show you exactly who clicks, and turn your employees from your weakest link into your last line of defense.
Launch a campaign in minutes · Email & SMS · No security team required
$ phis3d launch "Q2 Payroll Update" --channel email,sms
→ sending to 142 recipients…
✓ delivered 142 / 142
• opened 98 · 69%
▸ clicked the link 41 · 29%
17 employees entered credentials
- • 9 from Finance · 5 Sales · 3 Ops
- • 4 are repeat clickers from last quarter
- • all 17 shown the "this was a test" reveal page
report ready, you know exactly who to coach
How it works
Three steps. No security team required.
Most awareness tools are built for enterprise security departments. phis3d is built for the person who just needs to know whether their team would click, and prove they're getting better.
Import your team
Drop in a CSV of names, emails, and phone numbers, or sync a group. Verify your domain once so we know they're yours to test.
Launch a campaign
Pick a realistic template, choose email, SMS, or both, and schedule it. phis3d sends each person a uniquely tracked lure automatically.
See who clicked
Watch opens, clicks, and credential submissions land in real time. Everyone who falls for it gets a friendly 'this was a test' reveal.
Why now
Your people are the attack surface.
Firewalls and EDR keep getting better, so attackers go around them, straight to your employees' inboxes and phones. The only way to find out who'd click is to safely click first.
Most breaches
start with a human clicking a link, not a software exploit.
Smishing is surging
SMS phishing now slips past email filters, and most tools never test for it.
Insurers & auditors
increasingly require documented security-awareness testing.
Email + SMS
Most tools stop at email. Attackers don't.
Real attacks come by text too: fake delivery notices, MFA prompts, CEO "quick favor" messages. phis3d runs the same realistic simulations across both channels, so you test how your team actually gets targeted.
- ✓ Realistic email lures with per-recipient tracking links
- ✓ SMS / smishing campaigns sent to mobile (where filters don't help)
- ✓ Track delivered → opened → clicked → credentials entered
- ✓ A clear 'this was a training test' reveal, never a real password stored
📧 IT Help Desk
Your password expires today, re-verify to keep access
lure · email · click tracked
💬 +1 (415) 555-0142
[FedEx] Your package is held. Confirm address: hxxp://…
lure · sms · click tracked
Awareness training that people actually remember
A video everyone clicks through once a year doesn't change behavior. Getting safely caught, and seeing the reveal, does.
Compliance
Half your compliance checklist already says "train your people."
Nearly every major security framework requires ongoing security-awareness training, and several now name phishing and social engineering explicitly. Running documented phishing simulations is one of the clearest ways to prove that control to an auditor or insurer.
PCI DSS v4.0
Card payment handlers: Security awareness at hire + annually. v4.0 explicitly adds phishing & social engineering (req. 12.6.3.1).
HIPAA Security Rule
Healthcare & associates: A security awareness & training program for the entire workforce (§164.308(a)(5)).
SOC 2
SaaS & service orgs: Auditors expect documented, recurring security-awareness training (CC1.4 / CC2.2).
ISO/IEC 27001:2022
Certified organizations: Information-security awareness, education & training for all staff (Annex A 6.3).
GLBA · FTC Safeguards
Financial institutions: Security-awareness training for all personnel handling customer data (16 CFR 314).
NYDFS 23 NYCRR 500
NY financial services: Annual cybersecurity training that must cover social engineering & phishing (§500.14).
CMMC 2.0 / NIST 800-171
DoD contractors: Security-awareness training, including recognizing & reporting threats (AT controls).
Cyber insurance
Most policyholders: Carriers increasingly require awareness training + phishing simulations for coverage.
Awareness training is broader than phishing, and phis3d isn't legal or compliance advice, but simulations with click-through tracking and reporting give you the documented, repeatable evidence these frameworks ask for. Confirm the specifics that apply to your organization.
Find out who'd click before an attacker does.
phis3d is opening early access to a first group of teams. Drop your work email and we'll send your invite, including a free baseline phishing test for your team.