Test your email security

Is your organization safe from phishing, BEC, and ransomware? Find out with xorlab's Email Attack Simulation.

Get simulation Contact us
attack_similuation_landingpage_hero_visual_attacks

Why test your email defenses with realistic attacks?

magnifier_light

Discover weaknesses as early as possible and before attackers do

gears_light

Complement penetration tests as they often overlook email

document_rectangle_light

Assess your email security posture with the full range of email attacks

Simple and easy email penetration test

xorlab's attack simulation tests your defenses against modern email threats. Choose the attack types to test and get actionable insights to reduce your attack surface – all within one week.

icon_1_orange

Scenarios

Tailor attack types, methods, and obfuscation tactics to your needs.

icon_2_orange

Simulation

Receive realistic attacks from xorlab to the designated inbox.

icon_3_orange

Data export

Submit a PST export of that email inbox.

icon_4_orange

Results

Get results and recommendations – within one week.

Quick results, clear insights

The simulation report offers a detailed assessment of which attack types were detected and which bypassed your current solution.

You will receive tailored recommendations for closing any security gaps.

attack_sim_report_simple_darkbg_en copy
 

Your benefits

 

speed_light

 

Fast and easy – get results in just one week
phishing_light

 

Realistic scenarios – cover the full range of attacks
checklist_rectangle_light

 

Actionable insights – improve your email security posture

The price for our attack simulation is CHF 1'750. We credit this amount to our customers for a follow-up project with xorlab.

Request your email attack simulation

Curious how xorlab detects modern email attacks?

Discover xorlab's platform and learn how behavioral AI strengthens your defenses to stop sophisticated email threats, reducing false positives and operational effort.

Explore platform
contextual_banners_dashboard_widgets

Frequently Asked Questions

What do I need to do?

Nothing – sit back and relax! Once the details have been clarified and you have given us a recipient address, xorlab will start the simulation.

How much effort will the attack simulation require of me?

On average we ask for about 2 hours of your time: For the kick-off meeting, providing a designated mailbox, sending us the PST file export, and attending the meeting where we present the results - that's it!

Do I need to whitelist domains?

No, you don't. As our goal is to test your infrastructure end-to-end, you do not need to whitelist any domains. 

How soon can we start with the simulation?

We will contact you after receiving the request. The only task before getting started with the simulation is for you to choose the scenarios. As soon as these are chosen, we can get started.

Which attack types, methods and obfuscation tactics are part of the simulation?

We discuss your organization's needs and choose from the following:

Attack types: Business email compromise, credential phishing, spearphishing, QR code phishing, malware, and more.

Attack methods: Spoofing, lokalike domain, open redirect, VIP impersonation, brand impersonation, PDF files, Office macros, and more.

Obfuscation tactics: HTML smuggling, QR code, URL shorteners, content as image, and more.

 

Will any of my data be exposed during the xorlab attack simulation?

No, we will only simulate realistic attacks. Your company will not be exposed to real phishing, malware or anything else that could harm your systems.