Comms template - Simulations

We recommend sharing a phishing simulation communication with your users as part of onboarding before any campaigns are sent.

This helps set expectations early, reduces confusion, and ensures users understand how to respond appropriately from the start.

Below is a ready-to-use communication template that can be shared with your organisation ahead of your first campaign.

Template: 

Hi everyone,

As part of our ongoing efforts to keep our systems, data, and colleagues safe, we’ll soon be introducing phishing simulation emails across the organisation.

These emails are designed to look similar to real phishing attempts and will be sent periodically to help us understand how well we recognise and respond to suspicious messages. Cyber-attacks increasingly target people through email, so practising how to spot these threats is one of the most effective ways to strengthen our overall security.

It’s important to stress that this exercise is not about catching anyone out or assigning blame. The goal is purely educational. The simulations help us identify where additional guidance or training may be useful so we can better protect the Trust together.

If you do interact with a simulated phishing email, you’ll receive immediate feedback explaining the signs that could have helped identify it. This is simply part of the learning process and nothing to worry about.

What you should do:

• Continue to treat unexpected or unusual emails with caution
• Report suspicious emails using the usual reporting process
• If you’re unsure about a message, it’s always better to report it

Cyber security is a shared responsibility, and these exercises help ensure we’re all better prepared to recognise real threats.

Thank you for helping keep the Trust secure.

Best regards, [Name] [Team / Department]