What happens during a BullPhish phishing simulation?

Phishing simulations are one of the most effective ways to train your team to spot and stop cyber threats. In this guide, we’ll walk you through exactly what happens during a BullPhish phishing simulation and how it helps protect your organisation.

You’ll learn:

• How BullPhish phishing simulations work and why they’re essential for security awareness.
• What a simulated phishing email looks like and the key signs to watch for.
• Steps to take when you receive a suspicious email, including link and address checks.
• What happens after the simulation and how ongoing training keeps your team prepared.

At One2Call, your security is our priority.

That’s why we’ve created this quick guide to show you what happens during a BullPhish phishing simulation.

BullPhish ID is a security awareness training and phishing simulation solution designed to educate your employees about cybersecurity best practices.

Understanding the process helps you spot real attacks and protect your organisation.

The simulation begins with a realistic-looking email, often appearing to come from Microsoft or another trusted brand.

Tip: Look for signs of phishing  - unusual sender addresses, urgent language, or anything that feels “off”.

Warning signs to look for:

• Generic greetings like “Dear Customer” instead of your name.
• Unusual sender address or domain (e.g., misspellings or extra characters).
• Urgent or threatening language such as “Act now” or “Your account will be closed”.
• Unexpected attachments or links — especially ZIP or PDF files.
• Poor grammar or spelling mistakes (though attackers are getting better at avoiding these).
• Requests for sensitive information (legitimate companies rarely ask for passwords via email).

Learn more about spotting suspicious emails

Before clicking, hover over any links to check where they lead. Attackers often disguise malicious URLs behind official-looking text.

Tip: Always hover before you click and verify the web address carefully.

How to check links safely:

• Hover over the link (don’t click) to reveal the actual destination URL.
• Look for HTTPS and a valid domain name (e.g., microsoft.com, not micr0soft-secure.com).
• Beware of shortened URLs or links that don’t match the sender’s domain.
• Check for subtle spelling changes in the domain name (e.g., “paypa1.com” instead of “paypal.com”).
• Never trust links in urgent emails - go directly to the official website instead

Learn more about suspicious links and addresses

If you click through, you’ll land on a page that looks completely genuine, using official logos and layouts. This is designed to show how convincing phishing sites can be.

Tip: Double-check the URL before entering any details.

If you enter your username and password, don’t worry — this is just a simulation. Your details aren’t real, and the goal is to demonstrate how easy it is to get caught out.

Don't worry. Immediately after submitting, you’ll see a clear message explaining that this was a test, not a real attack. You’ll also get a short video showing what to look out for and how to avoid phishing attempts in the future.

To keep your skills sharp, you’ll receive short training videos throughout the month. These help you recognise threats and protect your organisation from real attacks.

Remember: If something looks suspicious, stop, verify, and report it. For extra support, contact the One2Call team — we’re here to help.

Need help? Support is just a click away.

One2Call customers can access the One2Call Service Hub directly in Microsoft Teams (look for it on the left-hand side, or click the three dots to find more apps).

From there, you can raise a support request by email, phone, our website, or the client portal—or just chat with our support team in Teams.

We’re here to help, whenever you need us.