Security Awareness Training now introduces the ability for administrators to exclude simulated phishing attacks that impersonate internal users, giving organizations more control over their training content to meet compliance, policy, or regulatory requirements.
Security Awareness Training in Avanan uses AI to auto‑generate phishing simulations, personalized per user, based on threats they are likely to face. Some organizations have raised concerns about certain impersonation scenarios - for example, when the simulated attacks mimic internal employees or executives - which may conflict with regional regulations or internal policies.
Administrators can now exclude simulated phishing scenarios that impersonate internal users such as executives, managers, or colleagues. This ensures that those types of simulations will not be included in phishing campaigns, while maintaining the full effectiveness of AI-driven personalization across other attack types. This capability is especially valuable for organizations that must adhere to strict compliance or internal conduct guidelines, where impersonating internal stakeholders may raise legal, cultural, or operational concerns. Organizations that rely on these simulations to build awareness of impersonation threats can continue using them by leaving the default setting unchanged.
To exclude simulated phishing attacks that impersonate internal users:
1. Create a new SAT policy or edit an existing one.
2. Under Phishing Simulation → Simulation Types, uncheck the “Include phishing simulations impersonating internal users” box.