InboxDecoy

InboxDecoy is a web app (with optional Outlook/Gmail add-ins) that runs security-awareness training inside the tools employees already use. Instead of generic phishing tests, it generates realistic “lookalike” messages based on your company’s actual vendors, workflows, and common lures (invoice, HR updates, shared docs). When a user clicks or replies, the app immediately shows a short, specific teach-back: what signals were missed, what to do next, and a one-click “report” action that mirrors your real reporting process. Admins get risk trends by department and role, plus a library of pre-approved scenarios to avoid legal/HR blowback. This is a combination traditional + AI app: AI drafts scenarios and explanations, while strict templates and approvals keep it safe and consistent. It’s built for small-to-mid companies that can’t run a full security program but still get targeted constantly.