Frequently Asked Questions

About PhishFit

Q: What is PhishFit?

A: PhishFit is an online tool that helps train your employees to spot fake emails (phishing scams) by sending them safe, simulated phishing tests. It tracks how they react and gives you reports so you can see how aware your team is.

Q: How much ongoing effort does PhishFit require?

A: After the initial setup (adding your employees), PhishFit is designed to run mostly automatically. You set how often you want tests sent (e.g., weekly, monthly), and the system handles sending them out at random times during that period. You will mainly spend time reviewing the reports on your dashboard to see progress, and responding to failed-test notifications.

Q: How does PhishFit know whether an employee opened a test email or clicked a link?

A: We embed a tiny, invisible image (a tracking pixel) in the emails. When the email is opened and images are loaded by the email program, we get notified. Links in the emails also carry unique, secure codes that tell us when they have been clicked.
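As an added illustration (not PhishFit's own code), here is one way a tracking endpoint can issue and verify the per-recipient codes described above: each pixel or link carries an HMAC-signed token naming the campaign, employee and event, so a code cannot be forged or altered to attribute an open or click to the wrong person, and random requests to the endpoint are dropped. The hostname tracker.example, the secret value, and the function names make_token, verify_token and record_event are assumptions for this example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo secret. A real deployment loads this from a secrets store,
# never from source code.
SECRET_KEY = b"constructed-demo-secret-do-not-reuse"
TRACKER_BASE = "https://tracker.example"  # assumed hostname for the example


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding, so tokens fit cleanly in a URL path."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(campaign_id: int, employee_id: int, event: str) -> str:
    """Issue an opaque token for one (campaign, employee, event) triple.

    event is "open" for the tracking pixel or "click" for a link. The token
    is payload.mac with mac = HMAC-SHA256(SECRET_KEY, payload); the server
    trusts the decoded fields only when the MAC verifies. Internal ids, not
    email addresses, go in the payload so the URL itself reveals nothing.
    """
    payload = json.dumps(
        {"c": campaign_id, "e": employee_id, "ev": event},
        separators=(",", ":"),
        sort_keys=True,
    ).encode("utf-8")
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(mac)}"


def verify_token(token: str) -> Optional[dict]:
    """Return the token's fields if it is authentic and intact, else None."""
    try:
        payload_b64, mac_b64 = token.split(".", 1)
        payload = _unb64(payload_b64)
        mac = _unb64(mac_b64)
    except ValueError:  # malformed token; binascii.Error is a ValueError
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    # Constant-time compare: a forged MAC must not be refinable byte by byte.
    if not hmac.compare_digest(mac, expected):
        return None
    return json.loads(payload)


def pixel_url(campaign_id: int, employee_id: int) -> str:
    """URL of the invisible image; fetching it reports an 'open'."""
    return f"{TRACKER_BASE}/p/{make_token(campaign_id, employee_id, 'open')}"


def link_url(campaign_id: int, employee_id: int) -> str:
    """URL used for a link in the simulated email; visiting it reports a 'click'."""
    return f"{TRACKER_BASE}/l/{make_token(campaign_id, employee_id, 'click')}"


def record_event(token: str, events: list) -> bool:
    """Simulated tracking endpoint: record the event only if the token verifies.

    Unverifiable tokens are dropped, so tampered or guessed requests cannot
    mark an employee as having opened or clicked.
    """
    fields = verify_token(token)
    if fields is None:
        return False
    events.append(fields)
    return True


if __name__ == "__main__":
    url = link_url(campaign_id=7, employee_id=42)
    token = url.rsplit("/", 1)[1]
    log: list = []
    print(url, record_event(token, log), log)
```

Because the token is deterministic for a given triple, the same employee always gets the same URL within a campaign; a deployment that wants each message to be distinguishable would add a per-send nonce to the payload and store it alongside the send record.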

Getting Started

Q: Is PhishFit difficult to set up?

A: PhishFit is designed to be straightforward. You register your business, add your employees’ names and email addresses through a simple form on your dashboard, and choose your settings (like how often to send tests). No special technical skills are required.

Q: How do I register?

A: Go to the PhishFit website and click on the “Register” or “Sign Up” button. You’ll need to provide basic contact information for yourself and your business details (name, address, primary email, timezone).

Q: Is there a free trial?

A: Yes! When you sign up, you automatically start on a free 14-day trial plan. This lets you test out the features with a limited number of employees.

Q: What information do I need to register my business?

A: You’ll need your business name, address, a primary contact email for the business, and your business’s main time zone (this helps schedule emails appropriately).

Q: How do I add employees?

A: On your dashboard, there’s an “Add Employee” section. Simply enter their first name, last name, and business email address.

Q: What is the business information PhishFit gathers about my company?

A: PhishFit will try to automatically learn a bit about your business using public information (like your website) to make the fake phishing emails slightly more relevant (this uses AI and requires a Standard or Enterprise plan). You can view, edit, or delete this information on your dashboard. It is an optional feature that can make tests more realistic, but it is not needed for the core service.

Q: Can I send a test to a specific employee right away?

A: Yes. On your dashboard, next to each employee’s name, there is a “Manual Test” button. Clicking this will send a test email to that specific employee shortly (within about 30 seconds).

Q: An employee says they aren’t receiving the test emails. What should I do?

A: There are a few reasons why this might happen:

  • Check Spam/Junk: First, always ask the employee to check their spam or junk mail folder. Sometimes, even legitimate emails end up there.
  • Email Filtering Might Be Working: It’s actually possible your email system’s security filters are doing a good job and correctly identifying our simulated phishing emails as suspicious! While that’s good for real threats, for effective training, we need the tests to reach the inbox. This requires “whitelisting”.
  • Whitelisting Needed: To ensure PhishFit test emails get delivered reliably for training purposes, you may need to configure your email system to trust emails coming from our sending domains. This process is called whitelisting.
    • Domains to Whitelist: You should whitelist the following domains used by PhishFit:
      • mailservers.au
      • verify.exchange
      • emailsecure.org
      • email.phishfit.co (used for notifications/system emails)
    • How to Whitelist (Common Platforms):
      • Microsoft 365 (Office 365): This usually involves setting up a “Mail Flow Rule” (also known as a Transport Rule) in the Exchange Admin Center to bypass spam filtering for emails sent from the domains listed above. You might also look into the “Advanced Delivery” policy settings. Microsoft’s documentation provides detailed steps.
      • Google Workspace (G Suite): You typically need to add the PhishFit sending domains to an “Allowlist” within the Gmail settings in your Google Admin Console (often under Spam, Phishing, and Malware settings). Google’s help documentation has specific instructions.
    • Need Help Whitelisting? Setting up whitelisting can sometimes be tricky depending on your specific email configuration. If you are on any of our paid subscription plans, our support team is happy to provide more specific guidance to help you get this configured correctly. Please reach out to us.
  • Check Schedule: Lastly, double-check the “Next Scheduled Email” date for that employee on your PhishFit dashboard. It might simply not be time for their next test yet according to the frequency you’ve set.

Security, Privacy and Help

Q: How is my account and organization data protected?

A: PhishFit takes security seriously. Your account and organization data are stored securely. Access requires login with securely stored passwords. We also implement technical measures to protect the application and your data. Refer to our Privacy Policy for full details.

Q: Does PhishFit store my password?

A: No, PhishFit does not store your actual password. It stores a secure, irreversible representation (a “hash”) of your password using industry-standard methods. This means even we cannot see your original password.
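An added example, not PhishFit's own implementation, of what “a secure, irreversible representation” means in practice: a salted, iterated hash (PBKDF2-HMAC-SHA256 from the Python standard library) stored as a self-describing record, verified in constant time, with a check that lets old records be upgraded when the iteration policy increases. The record format, the iteration count and the function names hash_password, verify_password, needs_rehash and login are assumptions for this example.

```python
import base64
import hashlib
import hmac
import secrets

# Salted, iterated hash from the standard library. The iteration count follows
# current OWASP guidance for PBKDF2-HMAC-SHA256; Argon2id or scrypt are the
# stronger choices where a library for them is available.
ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return the only thing that gets stored: algo$iterations$salt$digest.

    A fresh random salt per user means two users with the same password get
    different records, and precomputed lookup tables are useless.
    """
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    try:
        algo, iters, salt_b64, digest_b64 = stored.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # malformed record; binascii.Error is a ValueError
        return False
    if algo != ALGORITHM or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True if the record is below the current policy and should be re-hashed.

    The upgrade can only happen right after a successful login, because that
    is the only moment the plaintext is available.
    """
    try:
        algo, iters, _salt, _digest = stored.split("$")
        return algo != ALGORITHM or int(iters) < iterations
    except ValueError:
        return True


def login(password: str, stored: str) -> tuple:
    """Typical login flow: verify, then transparently upgrade weak records.

    Returns (ok, record_to_store); the record changes only after a successful
    verification.
    """
    if not verify_password(password, stored):
        return False, stored
    if needs_rehash(stored):
        return True, hash_password(password)
    return True, stored


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
    print(verify_password("wrong", record))
```

The stored string carries its own algorithm name and parameters, which is what makes a later policy change (more iterations, or a move to Argon2id) possible without resetting every user's password.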

Q: Why have automatic tests stopped being sent?

A: This usually happens if:

  • You deactivated scheduling in your dashboard settings.
  • Your subscription has expired or is inactive (check the /subscription page).
  • You have more active employees than your current plan allows (check the dashboard for warnings).

Subscriptions and Billing

Q: Is there a limit on how many employees I can add?

A: Yes, the number of employees you can add depends on your subscription plan (including the trial). If you reach your limit, you’ll need to upgrade your plan or remove inactive employees to add more. The system will also pause automatic tests if you go over your limit.

Q: What subscription plans are available, and what do they cost?

A: PhishFit offers different subscription plans (‘trial’, ‘standard’, ‘enterprise’) suitable for various business sizes. Pricing details and the specific features/employee limits for each plan are available on the /subscription page of the application. The Enterprise plan is priced per user (with a minimum user count) while the Standard plan likely has a fixed price for a set number of users.

Q: How do I pay?

A: Payments are handled securely through Stripe. You can choose a plan and enter your payment details on the /subscription page during the checkout process.

Q: How do I update my payment details or cancel my subscription?

A: From the /subscription page, there is a link or button to access the secure “Customer Portal” (managed by Stripe). There you can update your payment method, view invoices, and manage or cancel your subscription.

Q: What if I need more users than my plan allows?

A: You will need to upgrade your subscription plan to accommodate more users. You can do this via the /subscription page. If you are on the Enterprise plan, you can add users directly through a form on the subscription page (additional charges may apply).
