Phishing tests catch people—they don't teach them
"We went from 23% phishing click rates to under 5% after rolling out social engineering roleplay. Employees finally understand the tactics because they've experienced them firsthand—safely."
How JoySuite Builds Security Awareness
Your employees click on phishing links, then feel embarrassed when caught. Traditional training shows videos they forget. Real attackers use sophisticated pretexting, urgency, and authority tricks that a slideshow can't prepare anyone for. You need practice, not lectures.
Learn by experiencing attacks (safely)
Set up your scenarios
Upload your security policies, pull from your Knowledge Center, or let JoySuite generate realistic attack scenarios. Include real-world examples from your industry and common attack patterns.
Employees practice in roleplay
Employees start a session with the /roleplay command of Dahlia, the JoySuite assistant. Dahlia becomes an attacker—posing as IT support, a vendor, or an executive—using real manipulation tactics.
Get instant coaching feedback
After each exchange, employees see what red flags they spotted and which ones they missed. Learn to recognize urgency tactics, authority impersonation, and information requests that should raise alarms.
Track progress and assign practice
Security teams see completion rates and performance scores by department. Assign additional practice for high-risk roles or employees who need more reps.
Key Features
⚡ Realistic Simulations
Dahlia plays convincing attackers using actual manipulation tactics from phishing, pretexting, and smishing.
🎯 Instant Feedback
After each exchange, employees see what red flags they spotted and which ones they missed.
📊 Progress Tracking
Security teams see completion rates and performance scores by department to identify high-risk areas.
🔄 Adaptive Scenarios
Scenarios respond to employee actions in real-time, creating unique learning experiences each session.
What you can feed it
JoySuite works with whatever you have—no need to polish your notes first.
Phishing Examples
Real attacks your org has seen
Security Policies
Your verification procedures
Smishing Examples
Malicious SMS patterns
Industry Threats
Attacks targeting your sector
Red Flag Library
Warning signs to recognize
Response Protocols
How to report suspicious activity
Adapt this recipe for your needs
Phishing Email Practice
Practice identifying malicious emails—spotting fake sender addresses, suspicious links, and urgency tactics.
Smishing (SMS Phishing)
Practice identifying malicious text messages claiming to be from banks, delivery services, or IT—and knowing when not to click.
Pretexting Scenarios
Practice resisting elaborate cover stories designed to build trust before requesting sensitive information.
Executive Impersonation
Practice recognizing CEO fraud and business email compromise attempts that create false urgency.
What you'll get
Here's a sample training scenario with coaching feedback:
Scenario: IT Support Impersonation
You receive an unexpected message from someone claiming to be from your IT help desk.
Attacker (Dahlia)
"Hi, this is Mike from IT support. We've detected unusual activity on your account and need to verify your identity immediately to prevent a security lockout. Please reply with your employee ID and the last four digits of your SSN so I can reset your credentials. This is urgent—you'll be locked out in 10 minutes if we don't resolve this now."
Your Response
"I'm not going to provide that information over chat. If there's really an issue with my account, I'll contact the IT help desk directly through the official support portal or phone number on our intranet."
Feedback
- ✓ Didn't provide sensitive information
- ✓ Recognized the unusual request channel
- ✓ Offered to verify through official channels
- ✓ Didn't let urgency override caution
- → Bonus: Report this to the security team
Who This Is For
All Employees
Learn to recognize and resist phishing and social engineering through hands-on practice.
Security Teams
Deploy effective training that actually changes behavior, not just checks a compliance box.
Finance & Executive Teams
Practice recognizing CEO fraud, wire transfer scams, and targeted attacks on high-value roles.
Compliance Officers
Meet security awareness training requirements with engaging, measurable programs.
Frequently Asked Questions
How does AI help with phishing awareness training?
JoySuite's AI plays realistic attackers using actual manipulation tactics. Employees practice responding to phishing, pretexting, and social engineering attempts in a safe environment with instant feedback on what they did right and wrong.
Is this more effective than phishing simulations?
Traditional phishing tests catch people but don't teach them. Roleplay training helps employees understand the tactics firsthand. One customer reduced click rates from 23% to under 5% after implementing roleplay training.
What types of social engineering attacks can employees practice?
Phishing emails, smishing (SMS phishing), pretexting (elaborate cover stories), CEO fraud, business email compromise, IT support impersonation, and vendor impersonation scenarios.
Can I track which employees need more security training?
Yes. Security teams see completion rates and performance scores by department. Assign additional practice for high-risk roles like finance or executives, or employees who need more reps.
Does the training use real attack examples?
Yes. Upload real attacks your organization has seen, industry-specific threats, and common patterns. The AI generates scenarios based on actual tactics attackers use.