Features

Tailored simulations

Our simulations give your team hands-on practice with the latest tactics used by bad actors, offering real-time feedback that helps them more naturally spot and respond to threats.
Start your 14-day free trial
A white phishing email on a purple background, designed to appear as if the fake company 'Currency Cloud' has sent someone $500. Three overlapping profiles are partially covering the email, each showing an image, name, and action tag. The first profile is a man, Devon Miles, who 'Clicked.' The second is David Perez, who 'Reported.' The third is Willie Tanner, who 'Leaked.'

“Pistachio has been successful at making our employees considerably more aware and alert of phishing attempts.”

"Verified User in Education Management
(Mid-Market)"

Source: G2

Feature Overview

Our simulations help build long-term resilience

Illustration of an envelope containing a white paper designed to look like an email. Three data tags are connected to the envelope by a dotted line. The tags display 'Oslo, Norway,' 'Google Docs,' and 'Senior Digital Marketer,' each accompanied by an icon. The background is purple.

Tailored to every person

We tailor the content of our simulations to each person's specific traits, like their role, software or location.

No manual set-up

Leave the logistics to us. We'll handle everything for you, making sure your team gets the best training without any management on your end.

Adaptive difficulty & frequency

We adjust the difficulty and frequency of our simulations based on how they do. If they need extra help, we'll step in with targeted support.

Available Categories

Our simulations cover every category

  • Card and subscriptions
  • Meeting invitations
  • File sharing and requests
  • Security notifications
  • Financial transactions
  • Social media activity
  • Payslips and work planning
  • Password issues
  • Order and shipping confirmations
  • Confirm email requests
  • Software invitations
  • Invoicing and refunds
  • Offers and newsletters
  • Government and authorities
  • Government and authorities
  • Offers and newsletters
  • Invoicing and refunds
  • Software invitations
  • Confirm email requests
  • Order and shipping confirmations
  • Password issues
  • Payslips and work planning
  • Social media activity
  • Financial transactions
  • Security notifications
  • File sharing and requests
  • Meeting invitations
  • Card and subscriptions

Delivered to Outlook

Types of Simulations

Diagram on a purple background featuring an illustration of a stack of paper in the center, with the profile image of a man. Lines connect to the stack on all four sides. At the bottom, a data tag labeled 'Interaction Data' connects to an illustration of two envelopes on the right side of the stack. On the left side, the Microsoft logo is connected by a dotted line to a data tag that says 'New Org Data,' leading to the top part of the stack of paper.

C-Suite Impersonation

Learn to spot fake requests from C-level executives where authority is used to deceive. It's about trusting one's instincts and double-checking before acting.

A white rectangle featuring blurred-out text and a purple section indicating that something can be added to that area. Below, a cursor is holding a white rectangle displaying a profile image, a name, and a role. The hand appears to be placing the name at the end of an email, representing C-suite impersonation.

Brand Spoofing

Identify subtle signs of email spoofing, where bad actors impersonate well-known brands. This helps users avoid falling for seemingly trustworthy traps.

Line of logos on a beige background featuring Trello, Slack, and Dropbox. The logos fade on both sides, indicating that more logos are present beyond the visible area.

QR Code Phishing

Learn to spot the dangers of scanning unfamiliar QR codes, especially in unusual contexts. This simulation teaches users to pause and think before taking what might seem like a routine action.

White card featuring blurred text and a QR code, which appears to be in the process of being scanned, indicated by purple highlights.

Sequenced Reminders

Practice recognizing when follow-up emails feel off, even if they seem urgent. This simulation helps users stay alert and cautious under pressure.

White card featuring an email icon labeled 'Microsoft Teams: Invite to a group.' A dotted line extends from the bottom of the icon, showing four actions that indicate the email was sent multiple times on different dates. The user's actions are labeled as 'Ignored,' 'Ignored,' 'Ignored,' and 'Reported,' with 'Reported' highlighted in purple.

Types of User Interactions

White rectangle representing an email notification featuring the Microsoft icon and the subject line 'Password Reset Reminder.' There are indications of multiple emails listed underneath the notification.
Simulation of a phishing email involving insider spoofing, where the sender has provided a Google Docs link for the user to click. A black cursor is clicking a purple button labeled 'Open.'
White card displaying the message 'Uh oh! You just gave your info to potential scammers!' The card contains blurred-out text and a button with an info icon labeled 'What clues did I miss?' A black cursor is positioned to click the button.
Simulation of a phishing email involving insider spoofing, where the sender has attached a file for the user to click. Above the email, there is a toolbar featuring a purple button with the Pistachio logo, and a black cursor is clicking it, indicating that the email has been 'reported.'

“Lot of new features month after month to follow the evolution of the cybersecurity!”

Jeremy l. (Network & Security Engineer)

Source: G2

Our Methodology

We value progress, not perfection

White email on a yellow background, highlighting the sender's email in purple and underlined. The subject line reads 'Help us choose the perfect location for our August social event!' Next to the sender's email, an icon is connected to a dotted line leading to a purple pop-up that says 'Wrong Domain,' with explanatory text indicating that this is a phishing simulation.

Learn-by-doing

When someone fails our simulations, we don’t punish them. We teach them where they went wrong. By providing immediate feedback, we help people to spot phishing attacks better than generic training can.

Supportive environment

We never make users feel bad for failing a simulation. It’s a normal part of the learning process, and there’s no shame in getting it wrong—that’s what makes it a valuable learning experience!

Practical insights

The instant feedback users get when they fail a simulation helps them see the subtle clues they may have missed the first time around. This helps them spot these clues in future simulations and actual attacks.

Outlook Add-on

Report suspicious emails with one click

Illustration of a Microsoft Outlook email inbox featuring a new email with the subject line 'Help us improve our services.' On the right-hand side of the browser window, there is a panel indicating that the email has been successfully reported to Pistachio.

Faster threat identification

By adding the Pistachio "Report" button to the Outlook toolbar, users can quickly determine if a suspicious email is one of our simulations, enabling faster response and better security awareness.

Develop organic security habits

When team members routinely report suspicious emails, they develop a habit of staying vigilant for potential phishing threats and notifying their IT department for further action.

Let
Pistachio
Pistachio manage your human
People
cybersecurity risk for you