Cybercriminals don't break through firewalls or hack software directly — not usually. Instead, they send carefully crafted emails designed to trick real people into clicking a link, opening an attachment, or handing over login credentials. This is called phishing, and it is by far the most common method used to compromise businesses today.
Your inbox is a direct door into your organization's systems. One click on the wrong email can give an attacker access to internal files, customer data, financial accounts, and more. No technical defense fully closes that door — which is why you are one of the most important security tools your organization has.
BullPhish ID works by combining two things: phishing simulations that test how you respond to fake threats, and security awareness training that teaches you to recognize and avoid real ones. Degarmo Technologies manages this program on behalf of your organization.
BullPhish ID phishing tests are modeled on real-world threats — they may appear to come from Microsoft, your HR department, a file-sharing service, IT, or even a colleague. Below is an example of what a typical test email looks like. The red flags are highlighted.
Dear Valued Customer,
We have detected suspicious activity on your account. To prevent your account from being permanently suspended, you must verify your credentials immediately.
Failure to act within 24 hours will result in loss of access to all Microsoft services, including Outlook, Teams, and SharePoint.
Verify My Account NowIf you believe this message was sent in error, please disregard this notice. © 2026 Microsoft Corporation, One Microsoft Way, Redmond WA 98052.
If you click a link in a BullPhish ID phishing simulation, you won't be redirected to a real harmful site. Instead, you'll land on a teachable moment page — a safe page that reveals this was a test and explains what red flags you may have missed. This is one of the most effective learning tools in the program.
When a training course is assigned to you, you'll receive an email with a link to the training portal — a secure, white-labeled website where you watch short video courses and take brief quizzes. Here's exactly what to expect.
Reporting suspicious emails is one of the most valuable actions you can take. Every report — whether it's a real threat or just a false alarm — helps your IT team identify trends, block emerging threats, and protect everyone at your organization.