Logo
Phishforge
Phishforge Blog

Security awareness,
without the fluff.

Research, case studies, and practical guides on phishing, human risk, and building security culture in SMBs.

Human risk
Research·12 Jun 2026·6 min read

Why generic phishing tests stop working after the first run

Employees learn the pattern. After one or two generic password-reset lures, click rates plateau. Here's the data on what actually drives lasting behaviour change.

Read article
AI
Product·4 Jun 2026·8 min read

The tools-to-lure mapping problem: how Phishforge infers what software your team uses

Role-based lure generation requires knowing which tools each employee interacts with daily. We don't ask. Here's how the inference model works.

Read article
Results
Case Studies·28 May 2026·5 min read

From 74% to 9%: a support team's click rate over six months

A 34-person customer support team at a UK SaaS company started Phishforge in January. This is what their risk profile looked like at month six.

Read article
Training
Research·19 May 2026·7 min read

Post-click training: the 30-second window that changes behaviour

The moment an employee clicks a phishing lure is the highest-attention moment in their security education. Most platforms waste it. Here's how we don't.

Read article
Setup
Guides·11 May 2026·4 min read

Setting up Phishforge with BambooHR: a step-by-step walkthrough

From OAuth authorisation to first campaign in under an hour. Everything you need to connect your HRIS and get Phishforge running against real employee profiles.

Read article
Phishing
Research·2 May 2026·9 min read

What makes a phishing lure convincing? The anatomy of a high-click email

Authority signals, urgency framing, domain spoofing, visual fidelity. We dissect the elements that make a lure work — so your team learns to spot them.

Read article

New research and guides, straight to your inbox.

Monthly. No filler. Unsubscribe any time.