Frequently asked questions - Zacco - VPhish Zacco VPhish
Zacco logotype VPhish


VPhish has been designed to be user-friendly and accessible to all, including non-technical staff. Anyone with a login can easily execute a Phishing campaign with just a few clicks.

No development is necessary, unless you want to. VPhish comes with a library of 20+ pre-built phishing scenarios, crafted by a team of security analysts from our Threat Intelligence division. You can simply choose a template, customise it as needed and then launch your campaign.

It depends on the size of the campaign but Scenario selection and Landing Page development can be completed in a matter of minutes. Selecting targets may require more time depending on the size of your target audience.

None at all. While subscribed to VPhish you will have full access to the library of pre-existing landing pages, each of which can be fully customised before launch.

VPhish has a user-friendly inbuilt editor, which allows users to create Awareness Raising material alongside your Landing Pages.

Not necessarily. You can create a campaign and complete it in stages. VPhish saves the progress as you develop the campaign and you can choose how and when to launch it.

No, once a campaign is scheduled and executed, it will launch at the time you have set. You will need to be connected to the internet when confirming the campaign so that the instructions for launch are sent.

VPhish never captures any data that users enter during a campaign so even those with admin privileges will be unable to view any of the information previously entered.

Yes, VPhish related domains and addresses acknowledged in the business agreement should be whitelisted by your organisation to pass through your company firewall and other detection infrastructure. An SLA with the VPhish team ensures secured communication through these domains and IP addresses.

The index helps an organisation to understand how vulnerable their employees might be to a phishing attempt, based on an overall campaign report. Based on the results, the admin can develop and launch multiple campaigns to ensure the index returns to (and remains) at ‘Green’.

Yes, but these must be configured by the VPhish team and will be based on the SLA.

VPhish secures all communication sent within the application through 256 bit SSL encryption. No details are sent in clear text.

VPhish allows you to send a Test Email to one user before final execution of the campaign. However, this will not be counted in the Campaign Report.

VPhish is designed to raise organisational awareness of phishing threats as well as to help identify employees who might be more susceptible to an attack. A ‘cyber-aware’ employee should be able to alert the wider organisation to a genuine phishing attack as and when they occur. VPhish Reporter is an Outlook plugin, which allows employees to immediately report a suspicious email to the IT Admin, allowing them to potentially identify or block further attempts.

No, VPhish is concerned about your privacy too and we will not get a copy of any emails reported by your employees.