phishing test - Train employees to be alert with incoming emails

With our phishing simulation test, you have a customized phishing test. Our email security tests are done without having to install any software. We discuss the possible scenarios with you or one of your employees with the main goal to increase the awareness of email security and to reduce the risk of phishing attacks in the future.

Very often employees click on a link and supply a password because they think it is a correct link. 

With our phishing test you can learn to recognise a phishing and spoofing email. There are more advantages to having the phishing test circulate within your organisation: you get a better grip or understanding of the email settings. The technique at the backend of the email can be set in a way that ‘spoofing mails’ should not be able to arrive. After our test, you will receive advice on how to reduce the risk of phishing and how to reduce the chances of phishing.

Do you recognize yourself in these questions?
  • Can I have an email test done?
  • Can an e-mail start ransomware?
  • Is my computer properly protected against e-mails with a virus?
  • How can an e-mail put a virus in my computer?
  • Would an employee of my company fall for a phishing e-mail?

The email test

BSM has developed a useful email test to get an idea of how employees deal with emails and links in emails. The test is built in our own platform with our own developed software.
The test allows you to see if you are protected against ransomware and other attacks that can be used to attack your organisation via email.

For example, our software can send a fake phishing mail from a fake identity that we have created to a specific email target within your organisation. You can choose from the following options:

  • ‘Phishing and spoofing test’: we send your employees a phishing email specifically for obtaining passwords;
  • ‘Spoofing link test’: we send your employees a phishing email with the specific purpose of getting them to click on a link without being asked to enter a password.
  • ‘Test virus’: we send your employees a test virus in an email, which tests the security of the route to the user’s email program.
  • ‘Test Macro virus’: we send your employees a macro virus, which is packed in a Word or Excel file and can be unpacked. It tests the security of Office and the behaviour of the employee.
  • ‘Image test email’: we send an employee a tracking image;
    Integrity test email: what do employees do with an email that tempts them to violate their integrity?

What does the phishing simulation bring you?

Our experience is that Ransomware, in all cases that we have seen with our customers, came in via an email or started with an email. Sometimes hackers did this by putting an unpleasant link in the email, sometimes they did this with an attachment in the email.

With our email test you will get an insight into the weak spots in your organisation and you can see what possibilities hackers have by using email. Our phishing test does not cause any damage. You will gain insight in the email security per workplace and whether employees handle a suspicious email wisely, or whether they would fall into a hacker’s trap.

How does our email test work?

After your agreement to our proposal, we make a test plan that suits your work environment and organization and we start the tests at a time that is agreed with you.

What do we test?


  1. First we test your technology. Because the email is spoofed, the email should not have arrived at the email receivers. If the email does arrive, then your system administrator can make this more secure. Do you need help improving your email settings? BSM can also secure this part for you.
  2. Then the actual phishing test starts. Which of your employees clicks on the link in the e-mail and (even worse) which of them provides their real password?
    Don’t worry, our servers will strip the password immediately. The passwords do not come into our possession. A real hacker would of course keep this password and possibly use it to retrieve files.
  3. After the email security test, we make an overview of the number of people who have clicked on the link and the number of people who have entered the passwords. You also get the name of these people back so that a learning moment arises. We also make an anonymous report so that it can be discussed within your organisation. If necessary, we can set up online learning software to train people further.

You do not need any technical knowledge and after the email test you will immediately know how aware employees are of ransomware or viruses that can be sent by email.

A hacker who uses similar techniques to steal your passwords will use or resell this confidential data. During the test, BSM does not get hold of your data and also has legal confidentiality.



Setting up the email test € 400 + € 5.00 per mailbox

* from 250 mailboxes we give discount

Explanation of the price:

Discussing and setting up the email-test, going through the test with 1 trial email is usually done together with our contact person and takes about 1 hour. Also a website page for your specific test campaign will be prepared. The discussion, the work involved in setting up the e-mail test and web page and the administrative processing (creating a new client, invoicing, etc.) are included in the costs.

The price per mailbox includes the report after the phishing test.

Not included in the price are training after the tests and the travel and accommodation costs if we do ‘on-site’ evaluations. The price is exclusive of VAT.



Explanation Phishing

Phishing is a technique commonly used by hackers to obtain information from you or your colleagues. A common method is to build a fake website where the victims then enter their passwords. Our server also has this kind of pages to which we try to lure your employees with links.

Consequences of a successful phishing attack

If a hacker has carried out a successful phishing attack, the gateway to your company data is usually open for the hacker. Sometimes a hacker will break into your computers himself, but because so many people still fall for phishing attacks, large lists of passwords are usually collected and sold for a lot of money.

Spoofing explained

Spoofing involves mimicking someone’s identity or digital data, and there are many ways to do this. In an email test, spoofing means that we send an email from our own email test system, but that it seems to the recipient that the email comes from a known person. Their screen shows as sender the email address and the name of someone else. Unfortunately, this is very easy to do with email, which is why it is used so much by hackers.  Spoofing usually aims to increase the level of trust so the recipient will be more likely to follow the hacker’s instructions. An instruction could be: “I’m the ict administrator, please click that link for me,” or “salary payment from Jannie next month should be on this account.”

Consequences of spoofing:

Because employees of your company are more likely to trust a spoofed email from a hacker, there is a chance that your company will be hacked. As a result, your secret data may end up on the street or a computer system may be sabotaged or rendered unreadable. Usually, in such a case, you will be asked to pay a large sum of money to the hacker in Bitcoins. It is also possible that spoofing results in money being deposited in the wrong account, which is then called “Jannie’s account”, but is actually the account of a hacker.

Ransomware explained:

Ransomware is the name for a type of virus that can hold your computer, server or database hostage. It is therefore also called hostage software.

The trend with many viruses, including ransomware, is that the attack techniques are becoming smarter and smarter and more and more different hacking techniques are being combined. For example, the Wannacry ransomware virus was responsible for enormous damage. The first step of the attack was probably an email containing the virus. Once the virus had entered an internal network because an unsuspecting employee opened an attachment, it was able to spread independently via a security breach in the network connection of all internal computers.

Has your organisation created or commissioned its own servers, data files or software? Then it is good to know that new types of ransomware sometimes quietly encrypt and decrypt for months so that all backups are also encrypted. Then the remote hacker suddenly deactivates the decrypt program and all backups are “taken hostage”.

Consequences of ransomware:

With ransomware, the hacker’s goal is always to get ransom for “hostage” files. For the victim, however, it is uncertain whether the hacker will actually return the files after payment.

Ransomware can have enormous consequences; it can bring down all of a company’s computers and servers, and sometimes even multiple companies across multiple countries.

An informative article about the five known ransomware attacks can be read at

BSM has also seen the consequences of ransomware at its clients. Some companies had insufficient security and therefore lost a lot of data forever.

In addition, these days you have the obligation to report a data breach.

Investigate how easily ransomware could cause damage to you with our email test.

Contact us directly

Do you have any questions? We would be pleased to hear them.