Staff notification template

Before enrolling staff, we strongly recommend telling them that simulated phishing training is starting — it sets the right tone (this is practice, not a trap), improves engagement, and helps meet transparency obligations. Adapt the note below to your organization and local law. Some jurisdictions or works councils require prior consultation or consent; check with your HR/legal advisors.

Why notify staff

Email template

Copy and edit the following. Replace the bracketed parts with your own details.

Subject: We're starting phishing-awareness training

Hi team,

Phishing and scam emails are one of the most common ways attackers try to reach organizations like ours. To help us all get better at spotting them, we're starting a short, ongoing security-awareness exercise with a tool called Spotting The Bait.

From time to time you'll receive a simulatedphishing email. It's completely safe — it's a practice example, the links don't do anything harmful, and there's no penalty for getting one wrong. Each one takes under a minute: you decide whether it's a real-looking scam or legitimate, and you'll immediately see the answer and the tell-tale signs to watch for.

This is about building a skill together, not catching anyone out. We track participation and overall progress to see where a bit more support would help — not to single people out.

If you have any questions, reach out to [name / IT / security contact].

Thanks,
[Your name]

A few tips

See also our Privacy Policy and Data Processing Agreement.