PhishTrainer - Phishing Simulation

PhishTrainer is Bexxo's Swiss phishing simulation software: realistic campaigns, team reports, hosted in Switzerland — in synergy with Bexxo Academy. 91% of cyberattacks start with a phishing email (Proofpoint 2024) — regularly testing your teams is the most concrete defence.

PhishTrainer: evaluate, raise awareness, improve.

Simulate attacks

PhishTrainer is a secure Swiss phishing simulation tool. Thanks to a clear and intuitive interface, you can launch a targeted campaign in minutes to test your employees' vigilance.

Why use a
phishing simulator?

Identify human vulnerabilities

Detect employees most vulnerable to phishing attempts.

Train through experience

Teach your teams to recognize warning signs through concrete situations.

Reduce real risks

Organisations that simulate regularly divide their phishing exposure by 2 to 3 (Proofpoint 2024) — reducing human risk means reducing the cost of an incident, often disproportionate for an SME.

Raise awareness continuously

Maintain a high level of vigilance through regular and varied campaigns.

Measure effectiveness

Analyze results to track progress and adjust your training actions.

Meet compliance requirements

PhishTrainer reports serve as documented proof of due diligence: our clients who simulate regularly have this documentation and are not affected by nFADP fines (up to CHF 250,000).

Without simulation vs. with PhishTrainer

Situation	Without phishing simulation	With PhishTrainer
Human vulnerabilities	Unknown until a real attack — 84% of organizations experienced at least one successful attack (Proofpoint 2024)	Identified by department and profile from the 1st campaign
Team reflexes	Theoretical, untested: 68% of breaches involve a human factor (Verizon DBIR 2025)	Strengthened by repeated realistic simulations — click rate divided by 2.5 after 12 months (Proofpoint 2024)
Targeted training	Generic, hardly memorable	Immediate corrective action for each employee who clicked
Data sovereignty	Hosted abroad, frequent transfers outside Switzerland	100% Swiss — data hosted in Switzerland, client-side encryption available
nFADP compliance proof	Not available	Detailed reports usable for FDPIC audits
Cost of a real incident	High and often disproportionate for an SME	Reduced risk: organisations that simulate regularly divide their exposure by 2 to 3 (Proofpoint 2024)

Why choose PhishTrainer?

Our key assets for an effective simulation

Personalized campaigns in a few clicks
Template library
Detailed statistics
Developed and hosted in Switzerland
Maximum security

Email, page, sender profile, triggering: everything is easily customizable. Launch one-time or recurring campaigns without needing a technical expert.

PhishTrainer gives you access to dozens of email and landing page templates, inspired by real scenarios: fake Microsoft logins, package deliveries, internal campaigns, banks, etc. Enough to vary simulations and avoid repetition.

See at a glance who opened, clicked, or entered their data. Clear reports, ready to be used for your awareness actions or internal audits.

PhishTrainer is developed and hosted in Switzerland, in our infrastructure based in Ins (BE). Your data — campaign results, employee profiles, reports — never leaves Swiss territory. No foreign subcontractors, no transfers outside Switzerland. Native nFADP compliance, with no compromise.

If you wish, all sensitive data is encrypted even before leaving your browser. Result: even in the event of a server incident, no confidential information is exposed.

Curious to see PhishTrainer in action?

Test the interface and explore our phishing simulator.

Access the Demonstration

PhishTrainer in pictures

Dashboard

A clear overview of all your campaigns: click rates, submissions, progress, and detailed real-time results.

Customization

Create custom scenarios in a few clicks: email, landing page, timing, sender profile… everything is easily configurable.

Bexxo Templates

Access a large library of templates regularly updated by our bexxo experts, inspired by real and current threats.

Target Localization

Visualize the geographical distribution of employees who reacted, to better target your awareness actions.

Simulate + Train = a comprehensive approach

PhishTrainer and Bexxo Academy: two complementary tools

PhishTrainer tests and identifies the human vulnerabilities of your teams. Bexxo Academy (academy.bexxo.ch) trains and raises awareness: interactive e-learning modules, quizzes, videos, accessible 24/7 from any device.

Both tools work in synergy: PhishTrainer results (click rate per team, vulnerable profiles) directly guide the training paths on Bexxo Academy. An employee who clicked is automatically redirected to a corrective module. This Simulate → Train → Measure loop is the most effective method to anchor lasting reflexes and reduce human risk.

Bexxo Academy also offers in-person sessions in Ins (BE), for group workshops of up to 20 people.

Discover Bexxo Academy

Frequently asked questions about PhishTrainer

How does a simulation campaign with PhishTrainer work?

In a few clicks, you configure a campaign: select recipients, choose a fraudulent email template (fake Microsoft login, parcel delivery, HR request…), define the timing. Emails are sent to employees. Every action is recorded: opening, clicking a link, entering data. Employees who interacted immediately receive an educational message. A detailed dashboard presents results by team, department, or business unit.

How is the effectiveness of simulations measured over time?

PhishTrainer generates detailed reports after each campaign: open rate, click rate, data entry rate — by team, department, and employee. By running multiple campaigns over 6 to 12 months, you observe the progression: companies that simulate regularly reduce their average click rate by 60 to 70% (Proofpoint 2024). These reports document the evolution of your organization's cybersecurity maturity and can be presented during internal audits or FDPIC controls.

Is PhishTrainer hosted in Switzerland?

Yes. PhishTrainer is 100% Swiss: developed by Bexxo (Ins, canton of Bern) and hosted on servers in Switzerland. No data transfer abroad. Your employees' data and campaign results remain on Swiss territory, in compliance with nFADP requirements. PhishTrainer optionally offers client-side encryption: data is encrypted in the user's browser before being transmitted to our servers. In practice, even our infrastructure cannot access the data in plain text — this is a maximum confidentiality guarantee that few simulation tools can offer.

Is phishing simulation useful for nFADP compliance?

Yes. The nFADP (new Federal Act on Data Protection, in force since September 2023) requires organizational security measures, including raising employee awareness of risks. In the event of a data breach, a company that cannot demonstrate it has trained its teams faces fines of up to CHF 250,000. PhishTrainer campaign reports serve as proof of due diligence: they document the simulations carried out, click rates over time, and the corrective actions implemented.

What is PhishTrainer?

PhishTrainer is a Swiss phishing simulation software developed by Bexxo. It sends real simulated fraudulent email campaigns to a company's employees — with no real risk — to test their vigilance, identify vulnerable profiles, and measure the effectiveness of training. Data remains hosted in Switzerland, in accordance with the nFADP. PhishTrainer works in synergy with Bexxo Academy, Bexxo's e-learning platform.

What is the difference between PhishTrainer and Bexxo Academy?