Phishing simulation · Automated training

One email is about to cost your company €150,000

It looks like a supplier invoice. Your accountant opens it on a Tuesday morning. By 2pm, a wire transfer is on its way abroad.

Test my team for free See how it works

What happens after the click

Between the click and the wire transfer: 4 hours

9:47

ModifierBoîte de réception

Marie Dupont9:41

Re: Devis Q2 validé

Super, je transmets au service...

Slack9:38

3 messages non lus

Pierre: La réunion de 14h est...

OVHcloud9:15

Votre facture de mars

Montant : 47,90 € - Votre...

Thomas BernardHier

Dossier Assurance

Peux-tu m'envoyer les doc...

9:48

Boîte de réception

DocuSign <docu-sign@notif-secure.com>

à : j.martin@entreprise.fr

Signature requise - Facture #F-2847

DocuSign

Bonjour Julien,

La facture #F-2847 de TECH SOLUTIONS LTD nécessite votre signature.

Ce document expire dans 24 heures.

CONSULTER ET SIGNER

Propulsé par DocuSign • Ne pas répondre

9:49

micros0ft-login.com/auth

Microsoft

Entrez votre mot de passe

j.martin@entreprise.fr

Se connecter

Mot de passe oublié ?

9:50

www.docusign.com/signing/complete

DocuSign

Signature enregistrée

Vous pouvez fermer cette page

···

4 heures plus tard...

14h00

14:00

Thomas B.

11:30

Tu peux me renvoyer le RIB du presta pour la facture ?

Oui je t'envoie ça

Merci 👍

iMessage

···

Vendredi

L'assureur répond

17:30

Boîte de réception

Assurance Cyber Pro

à : j.martin@entreprise.fr

Dossier SIN-2024-1847 - Prise en charge refusée

Bonjour,

Suite à votre déclaration de sinistre, nous vous informons que votre demande de prise en charge est refusée.

Motif : Absence de preuve de formation et de sensibilisation cybersécurité des employés (clause 4.2).

Montant du préjudice déclaré : 47 000 €

Montant pris en charge : 0 €

Vous disposez d'un délai de 30 jours pour contester. Cordialement, Service Sinistres.

Refusé

9:47am

Your accountant opens a "DocuSign validation" link. The address: docu-sign@notif-secure.com.

10:20am

The attacker is in your CFO's mailbox.

2:00pm

€47,000 lands in a foreign account. The bank details looked like your usual supplier's.

Friday

Your insurer denies the claim. No proof your employees were trained.

This is the most common attack scenario in France. It hits 20-person companies just like 500-person ones.

9:47

ModifierBoîte de réception

Marie Dupont9:41

Re: Devis Q2 validé

Super, je transmets au service...

Slack9:38

3 messages non lus

Pierre: La réunion de 14h est...

OVHcloud9:15

Votre facture de mars

Montant : 47,90 € - Votre...

Thomas BernardHier

Dossier Assurance

Peux-tu m'envoyer les doc...

9:48

Boîte de réception

DocuSign <docu-sign@notif-secure.com>

à : j.martin@entreprise.fr

Signature requise - Facture #F-2847

DocuSign

Bonjour Julien,

La facture #F-2847 de TECH SOLUTIONS LTD nécessite votre signature.

Ce document expire dans 24 heures.

CONSULTER ET SIGNER

Propulsé par DocuSign • Ne pas répondre

9:49

micros0ft-login.com/auth

Microsoft

Entrez votre mot de passe

j.martin@entreprise.fr

Se connecter

Mot de passe oublié ?

9:50

www.docusign.com/signing/complete

DocuSign

Signature enregistrée

Vous pouvez fermer cette page

···

4 heures plus tard...

14h00

14:00

Thomas B.

11:30

Tu peux me renvoyer le RIB du presta pour la facture ?

Oui je t'envoie ça

Merci 👍

iMessage

···

Vendredi

L'assureur répond

17:30

Boîte de réception

Assurance Cyber Pro

à : j.martin@entreprise.fr

Dossier SIN-2024-1847 - Prise en charge refusée

Bonjour,

Suite à votre déclaration de sinistre, nous vous informons que votre demande de prise en charge est refusée.

Motif : Absence de preuve de formation et de sensibilisation cybersécurité des employés (clause 4.2).

Montant du préjudice déclaré : 47 000 €

Montant pris en charge : 0 €

Vous disposez d'un délai de 30 jours pour contester. Cordialement, Service Sinistres.

Refusé

3,200 French SMBs reported a phishing attack in 2025.

Most had no simulation tool and no proof of employee training.

Cybermalveillance.gouv.fr, 2025

The problem

Phishing is the #1 cause of cyberattacks in France

91%

of cyberattacks

start with a phishing email. It's the number one attack vector.

Source: Deloitte, 2023

60%

of SMBs hit

by a cyberattack shut down within 6 months.

Source: Hiscox Report, 2023

1/3

of your employees

click a phishing link without prior training.

Source: Verizon DBIR, 2024

How it works

Your teams get tested. Those who fall for it learn. You see everything.

Import your team

Copy-paste from your directory or connect Active Directory. One coffee and you're done.

Turn on autopilot

You configure once. nophi.sh sends the right campaigns to the right people, with gradual difficulty and randomized scenarios each time. Fake WeTransfer, fake supplier follow-up, fake CEO message.

Those who click get a micro-lesson

3 minutes, on the exact mistake they just made. You track progress by department in your dashboard.

The result

Your team's new reflex

Unsure about an email? Instead of clicking, your employees forward it to nophi.sh. Verdict in 30 seconds: phishing, suspicious, or legitimate. Doubt finally has an answer.

Every flagged email is automatically escalated to your security manager.

Doubt no longer leads to a click. It leads to the right reflex.

nophi.sh AI verdict on a suspicious email

First simulation in 15 minutes

14-day free trial. No commitment. Hosted in France.

Test with my team See pricing

The platform

From 30% click rate to under 5%. In 6 months.

No slides. No promises. Numbers.

Risk score

Your security lead opens nophi.sh, sees A+, closes nophi.sh. Good day.

6-month progression

nophi.sh dashboard - click rate progression over 6 months by department

Accounting, marketing, management: who clicks, who learns, who's stuck. Month by month.

Campaign activity

You configure once. nophi.sh plans, sends, and adjusts difficulty, month after month.

Measured results

Click rates drop. The numbers prove it.

Before

30%

Average phishing email click rate, all industries

After 6 months

<5%

After a regular simulation program with point-of-error training

-86%

KnowBe4 Phishing By Industry Benchmarking Report 2025 - 67.7 million simulations

Compliance

SOC2, ISO 27001, NIS2, DORA: automated compliance

Audits coming up? nophi.sh automatically generates the training and testing evidence your auditors require.

Audit-ready reports, instantly. Complete simulation history, training completion rates, and risk scores by department. No more compiling evidence by hand.

Start free trial

Compliance report

March 2026

Compliant

92%

Compliance score

NIS2 · SOC2 · ISO 27001

Training96%

Phishing tests88%

Documentation92%

NIS2

Mandatory training and regular testing

SOC2

Security awareness controls

ISO 27001

Annex A.7 - Human resource security

DORA

Digital operational resilience

Market solutions charge between €5 and €12 per user per month.

Pricing

Simple, transparent pricing

All features included. No per-user pricing.

MonthlyAnnual2 months free

Starter

Up to 50 users

82EUR

/mo

Start free trial

14-day free trial

Popular

Pro

Up to 200 users

207EUR

/mo

Start free trial

14-day free trial

Enterprise

Up to 500 users

14-day trial on the Pro plan. No commitment.

First campaign in 15 minutes

15 minutes to set up. First results today.

Launch my first simulation View pricing

14 days free · No commitment · Hosted in France