Stickley on Security Stickley on Security Inc. - Cybersecurity Education & Awareness Solutions
We use cookies to give you a more relevant browsing experience and improve our website. Using this site means that you agree with our Use of Cookies Policy.


Phishing is the most common term used to represent email attacks, but that name can often be misleading and downplay the enormous risk that comes from these types of emails. Today, criminals use phishing attacks to not only gain login credentials and confidential information, but also to gain control over desktops and ultimately the networks of the compromised systems. Through creative new emails, unpatched applications, and a never ending supply of increasingly robust malware, the phishing attack now ranks as one of the top entry points into compromised organizations throughout the world.

For over 30 years Jim Stickley has been using these techniques to compromise organizations that range from armed government facilities to community banks and credit unions. Using this unique skill set, Stickley has designed BadPhish, the world's most advanced phishing simulator and education solution. Just sending a forged email does little to test an employee. At this point, most employees are aware of basic phishing concepts and are likely to detect these types of attacks. However, as criminals become more sophisticated, so do their emails. That's why BadPhish uses a hybrid approach to phishing simulation. Now, organizations are able to choose from a vast database of pre-defined payloads and then use simple customizations techniques to create one of a kind tests that match the most sophisticated attacks that criminals are using today. With this design, BadPhish offers an unlimited number of unique tests that an organization can perform.

Of course testing employees is only the beginning. BadPhish also provides general security training when an employee fails a phishing test. In addition, for those organizations with Employee EDU, BadPhish has been integrated, allowing for easy customized course assignment and tracking upon failure of a phishing test. Simply put, you are no longer just simulating attacks, you are actually educating your users and validating their progress. Supporting the option to purchase one time testing or purchasing yearly service, which includes unlimited continual testing, BadPhish offers a solution that fits your organizations needs and with comprehensive reporting and an easy to manage cloud-based interface, it's easy to see why BadPhish has become the next generation phishing simulator and education solution. Of course don't just take our word for it, Sign up now to see a demo of BadPhish today!


Badphish is an extremely comprehensive phishing simulation tool. Below is a list of some of the features available through Badphish but if you are truly interested in a phishing simulation solution, please sign up now to schedule a live demo. That way you will get to see everything and have all your questions answered.

  • Continued or one-time campaigns
    Administrators have the option of setting up "One-Time" campaigns that will send out a single phishing attack against all assigned employees or a more comprehensive campaign in which users will be tested several times over an assigned number of months.
  • Advanced payload design
    Each phishing test includes a payload. The payload is the actual design of the email that will be sent. Payloads can test users on malicious links, malicious attachments, malicious downloads and even requests for confidential data. In addition to the numerous payloads provided by Stickley on Security, administrators have the ability to edit existing payloads or even create their own.
  • Comprehensive testing options
    Badphish allows you to get as granular as you like. Phishing campaigns can be setup in as little as a minute or administrators can choose to manage each of the advanced settings to create a campaign that is very specific to the needs of the organization.
  • Automatic course assignment when users fail
    When a user fails a phishing test, an education course can be automatically assigned to them. This can be one of the many cyber security education courses provided by Stickley on Security or a new course created by your organization to meet your specific needs. Each phishing campaign can be different with its own unique course assignment.
  • Detailed reporting with trending data
    Detailed reports that outline the results of the phishing campaign are available through the online portal. Manage the results online or generate PDF and CSV reports to meet your compliance needs.


Have questions? Call us anytime!