End-User Guide
Degarmo Technologies · Security Awareness
BullPhish ID
Employee Guide
Your organization has enrolled in BullPhish ID — a security awareness and phishing simulation program managed by Degarmo Technologies. This guide explains what to expect, what the tests mean, and how to become your company's first line of defense.
Phishing Simulations · Security Training · Interactive Courses
Employee Reference Guide
July 2026
Contents
What's Inside
Security awareness training exists because 90% of cyberattacks start with a phishing email. Your participation makes a real difference — not just for yourself, but for everyone at your organization. This guide walks you through every part of the program so you always know what to expect.
01 Why This Program Exists: Understanding the phishing threat and your role in stopping it
02 Recognizing a Phishing Test Email: How to spot red flags in simulated (and real) phishing attempts
03 What Happens If You Click: No punishment — just a teachable moment and remedial training
04 Completing Your Training Courses: Step-by-step: accessing your portal and finishing assigned courses
05 Reporting Suspicious Emails: How to report phishing — real or simulated — to protect your team
06 Quick Reference & Contact: Key rules to remember and how to reach Degarmo Technologies
Section 01
Why Your Organization Uses BullPhish ID
Understanding the threat — and your role in stopping it
90% of cyberattacks start with a phishing email
70% reduction in breach risk from consistent training
$4.9M average cost of a data breach in 2024

The Threat Is Real — And Aimed at You

Cybercriminals don't break through firewalls or hack software directly — not usually. Instead, they send carefully crafted emails designed to trick real people into clicking a link, opening an attachment, or handing over login credentials. This is called phishing, and it is by far the most common method used to compromise businesses today.

Your inbox is a direct door into your organization's systems. One click on the wrong email can give an attacker access to internal files, customer data, financial accounts, and more. No technical defense fully closes that door — which is why you are one of the most important security tools your organization has.

How BullPhish ID Protects You

BullPhish ID works by combining two things: phishing simulations that test how you respond to fake threats, and security awareness training that teaches you to recognize and avoid real ones. Degarmo Technologies manages this program on behalf of your organization.

🎯 Phishing Simulations
You'll periodically receive realistic fake phishing emails — designed to look exactly like real threats. These are tests, not actual attacks. Your responses are tracked to identify training needs.
📚 Security Training Courses
Short, animated video courses (3–7 minutes each) cover phishing, password safety, social engineering, and more. You complete these through a simple training portal.
🔄 Automatic Follow-Up
If you click a simulated phishing link, you'll be automatically enrolled in a targeted refresher course. This is not a punishment — it's targeted practice.
📊 Progress Tracking
Your IT team and Degarmo monitor program results over time, using data to measure improvement and identify areas where more training would help.
💡 This Is Not a Gotcha Program
BullPhish ID tests are designed to build skills — not catch you out. Everyone gets tested. Results are used to improve the overall program, not to discipline individuals. The goal is for your whole team to get better at spotting threats together.
Section 02
Recognizing a Phishing Email
What a simulated phishing test looks like — and how to spot the red flags

What You'll Receive

BullPhish ID phishing tests are modeled on real-world threats — they may appear to come from Microsoft, your HR department, a file-sharing service, IT, or even a colleague. Below is an example of what a typical test email looks like. The red flags are highlighted.

The Red Flags — What to Look For

1. Suspicious sender domain
The "From" address says micros0ft-alerts.com — note the zero instead of the letter "o." Real Microsoft emails come from @microsoft.com. Always check the full email address, not just the display name.
2. Sent at an unusual time
Legitimate business emails from IT or service providers rarely arrive at 2:47 AM. Odd send times are a common indicator of automated phishing campaigns.
3. Creating false urgency
"Act immediately," "24 hours," "permanently suspended" — urgency is a manipulation tactic designed to stop you from thinking critically. Real account issues never require panic-clicking a link.
4. Generic greeting
"Dear Valued Customer" instead of your name. Microsoft and most legitimate services know who you are and will address you personally.
5. Vague threat with no specifics
"Suspicious activity" with no details — legitimate security alerts always describe what was detected, when, and from where. Vague threats are a sign of mass-sent phishing campaigns.
Section 03
What Happens If You Click
The "teachable moment" — and what comes next

If you click a link in a BullPhish ID phishing simulation, you won't be redirected to a real harmful site. Instead, you'll land on a teachable moment page — a safe page that reveals this was a test and explains what red flags you may have missed. This is one of the most effective learning tools in the program.

⚠ You Clicked a Simulated Phishing Link
Don't worry — this was a security awareness test. No real harm was done.
🛡️ This Was a Security Awareness Test
You've just experienced what a real phishing attack feels like. The good news: catching it now — in a safe environment — makes you far less likely to fall for a real one.
👁️ Check the sender address
Attackers use lookalike domains. Always verify the full email address before clicking.
⏸️ Pause before clicking
Urgency is a red flag, not a reason to rush. Take 10 seconds to evaluate any unexpected email.
📞 Verify through another channel
If an email seems off, call or message the sender directly — don't reply to the suspicious email.
🚩 Report suspicious emails
Always report phishing to your IT team — even if you're not sure. It's always better to report and be wrong.

What Happens After You Click

1. Your click is recorded
The platform logs your click against this campaign. This data is used to measure program effectiveness — not to penalize you individually.
2. You see the teachable moment page
Immediately after clicking, you're shown the safe landing page (like the mockup above) that explains what happened and highlights the red flags in the email.
3. You may be enrolled in a refresher course
If auto-enrollment is enabled, you'll automatically receive an email with a link to a short remedial training course. This typically takes 5–10 minutes to complete.
4. That's it — no punishment
The program is designed to build skills, not catch people out. Clicking a test is one of the safest ways to learn what a real phishing attempt feels like.
If You Think You've Clicked a REAL Phishing Email
Don't wait. Contact your IT team or Degarmo Technologies immediately — even if you're not sure. Rapid response dramatically limits the damage from a real phishing attack. Time matters. Do not log out, do not restart your computer — just report it right away.
Section 04
Completing Your Training Courses
How to access and complete assigned security awareness training

When a training course is assigned to you, you'll receive an email with a link to the training portal — a secure, white-labeled website where you watch short video courses and take brief quizzes. Here's exactly what to expect.

Step-by-Step: Completing a Training Course

1. Check your inbox for a training invitation
You'll receive an email from the training platform (typically from your organization's domain or Degarmo's). The subject line will reference your assigned course. This email is real — not a phishing test. It will always come from a consistent sender address your IT team has communicated to you.
2. Click the link to open the training portal
The link takes you directly to your training portal — a branded, secure website. You don't need to create an account or remember a password. The link in the email is your personalized access.
Welcome back, Alex
You have 1 course assigned · Due Jul 31, 2026
Phishing Awareness: Recognizing Email Threats
Security Awareness · Est. 6 min · Quiz included
Status: Not Started · Due: Jul 31, 2026
3. Watch the training video
Courses are short animated videos — typically 3 to 7 minutes. They're designed to be clear and engaging, with real-world examples. You can pause and rewind at any time.
4. Complete the quiz
After the video, you'll take a short comprehension quiz. There is no "failing" grade on these quizzes — they're designed to reinforce what you just learned. Your completion is automatically recorded once you submit.
5. You're done
Your completion is logged automatically. You'll see a confirmation screen. No further action is needed unless you're assigned another course.
Missed Your Training Deadline?
If you don't complete training by the deadline, you may receive automated reminder emails. If you're having trouble accessing the portal or need an extension, contact your IT team or Degarmo Technologies directly — we can reset access and adjust deadlines.
Section 05
Reporting Suspicious Emails
How to report phishing — real or simulated — to protect your team

Reporting suspicious emails is one of the most valuable actions you can take. Every report — whether it's a real threat or just a false alarm — helps your IT team identify trends, block emerging threats, and protect everyone at your organization.

Golden Rule: When In Doubt, Report It
You will never be criticized for reporting something that turns out to be legitimate. The cost of missing a real phishing attack is always higher than the minor inconvenience of a false alarm. If anything feels off about an email — report it.

How to Report a Suspicious Email

1. Do not click any links or open attachments
If you haven't already clicked anything, keep it that way. Do not forward the email to colleagues — that can spread risk.
2. Use your organization's report button (if available)
Your IT team may have configured a "Report Phishing" button in your email client. If available, use it — this sends the email directly to your security team for analysis and removes it from your inbox in one click.
3. Forward to your IT team or Degarmo Technologies
If there's no report button, forward the suspicious email (as an attachment if possible) to your IT contact or directly to Degarmo Technologies. Include a brief note about why it seemed suspicious.
4. Delete it from your inbox
After reporting, delete the email. Don't leave it sitting in your inbox where you might accidentally interact with it later.

What Happens to Your Report

📧 If It's a Test Email
Your report is logged as a successful detection — one of the best possible outcomes in a phishing simulation. Reporting the test is even better than simply not clicking it.
🚨 If It's a Real Threat
Your IT team or Degarmo Technologies analyzes the email, blocks the sender, and monitors for other users who may have received the same message. Your report may prevent a major incident.
Remember: Reporting Is Always the Right Move
In a BullPhish ID phishing campaign, the three possible outcomes are: (1) you don't click — good, (2) you report the email — great, (3) you click the link — learning opportunity. Reporting is the gold-standard response to any suspicious email, real or simulated. Your vigilance protects everyone around you.
Section 06
Quick Reference & Key Rules
Everything you need to remember — at a glance
Your Security Checklist
📧 Before clicking any link
Check the full sender email address · Look for urgency language · Hover over links before clicking · If unsure, verify by phone
⚠️ Red flags to watch for
Lookalike domains · Unexpected urgency · Generic greetings · Requests for credentials or payment · Unexpected attachments
📚 When you receive a training email
Complete it by the due date · Training emails come from a consistent, known address · No login/password needed — the link is your access
🚩 When you suspect phishing
Don't click · Don't forward · Use the report button or contact IT · Delete after reporting
🆘 If you clicked a real phishing link
Contact Degarmo Technologies IMMEDIATELY · Don't log out or restart · Time is critical
📞 Report a Security Incident
Degarmo Technologies
degarmo.tech

Contact your IT administrator or reach Degarmo directly if you believe you've clicked a real phishing link, submitted credentials, or experienced any other security event.
📋 The 3 Outcomes of Every Test
👍 Didn't click — Good. You spotted it.
🏆 Reported it — Excellent. Best outcome.
📖 Clicked — OK. Learning moment. Training follows.
You Are the Last Line of Defense
No firewall, no spam filter, and no AI system can fully replace an alert, informed employee. Completing your training, staying skeptical of unexpected emails, and reporting anything suspicious are the three most impactful actions you can take for your organization's security. Thank you for participating in this program — it makes a real difference.