Frequently Asked Questions

In July 2017, Webroot acquired the assets of Securecast, an innovative startup that has developed cloud-based, multi-layered end user security awareness training. Currently, we are working to integrate Securecast IT security simulation, training, and user education courses into the Webroot® Global Site Manager console. During this time, existing managed service provider (MSP) partners can begin BETA testing an early version of the upcoming Webroot Security Awareness Training. The BETA will be limited to 20 users per MSP for 60 days, from mid-August until mid-October 2017. We plan to release the fully integrated Webroot Security Awareness Training to all Webroot customers in October.

During Webroot Security Awareness Training BETA, MSPs will receive access to the existing Webroot/Securecast education and training software, including:

  1. A sophisticated phishing simulator
  2. The phishing avoidance training module
  3. A forum to make comments or suggestions for usage, features, and additional training going forward
Webroot chose Securecast specifically for their very intuitive cloud-based console and easy five-step process for initiating security awareness trainings and user education programs. The software is very easy to use and the phishing simulator and education program are straightforward to test.

To request BETA access, click here and enter your details. We will then send you all the information you need to start your BETA.

Some spam filters may prevent emails coming from Webroot/Securecast. You may find you need to whitelist emails from the Webroot/Securecast send mail server by IP address or server name, or you can whitelist the sending domain. To do so log into your email gateway or spam filter and whitelist any of the following:

  1. IP Address:
  2. Mail Server: ( [])
  3. Sending domain(s): use the sending domain you set up
Established in 1997, Webroot has a long track record of delivering high integrity IT security solutions to the global market. By bringing the Webroot and Securecast teams together, we’re combining nearly 20 years’ experience in cybersecurity and education technology.

Webroot Security Awareness Training will:

  • Sanitize lure pages on the client side to ensure credentials (usernames/passwords) are never sent to, or seen by, our servers
  • Ensure simulations can only be launched against targets on your validated domains
  • Restrict launching simulations against public ISP domains
As our client, you will be able to build your phishing simulations through our easy-to-use Simulation Wizard. In five easy steps, you will:

  1. Import your 20 user email target list
  2. Add your bait email and lure page by using pre-configured templates or your own custom content
  3. Send a test email to test the simulation
  4. Schedule and launch your simulation against your targets
  5. Watch simulation reporting in real time, including:
    • Email processing and delivery
    • Email opens and clicks
    • Data post attempts to the lure page
Real-world phishing attacks can be devastating. Webroot Security Awareness Training only simulates a phishing attack, and can only collect action statistics on your users’ interactions with the simulation—helping you identify education needs within your organization.

Webroot Security Awareness Training alters simulated emails and lure pages to ensure data such as user names, passwords, or any other sensitive data never leaves the user’s device, and is never seen by our servers.

Simulation emails and lure page code are sanitized on the server to ensure users cannot add custom scripts, links, or forms to emails or lure pages. This ensures only action statistics are collected.

You will enter two types of email addresses into Security Awareness Training:

  1. Authorized Domain Address: This is your own address on your organization’s domain. When you add an Authorized Domain address, you will receive an email with a validation link. Click that link to verify that you can access that email box, and have an account on your organization’s domain. This will allow you to import target email addresses on that domain.
  2. Target Email Addresses: These are the organization’s employees’/users’ email addresses which will be targeted in your simulation. These are necessary for the simulation to deliver bait emails.

We will not share any of the email addresses you enter. Webroot will never sell or share email addresses in our system with any non-Webroot person or group, nor will we use any of your target addresses. You can easily purge your data from Webroot Security Awareness Training, should you feel it necessary.

By default, phishing simulations are only available to launch against your authorized domains. You will not be able to target email addresses outside of your authorized domains list. These types of tests are generally run by your company IT or security team. Before running any simulations against your organization, you should consult with your company’s IT and/or security staff to make them aware of the tests, and maximize the success of your simulation.
The Email Activity Feed will show you data on the following types of email events:

  • Processed: requests from your website, application, or mail client via SMTP Relay or the API that the emailer processed
  • Clicks: when a recipient clicks one of the Click Tracked links in your email
  • Delivered: an email that was delivered to a recipient
  • Opens: whenever an email is opened by a recipient
  • Deferred: the recipient mail server asked the emailer to stop sending emails so fast
  • Drops: if the recipient email is in one of your suppression groups, the recipient email has previously bounced, or that recipient has marked your email as spam, the emailer will drop an email
  • Bounces: when an email is rejected by the recipient mail server before it can be delivered
  • Spam Reports: whenever a recipient marks your email as spam and their mail server reports the action to us
Webroot Security Awareness Training tracks nearly all activity associated with a phishing campaign, including number of messages sent and delivered; number of messages opened and clicked; and number of individuals who post data. Reports are presented in easy-to-read charts directly within the Security Awareness Training solution. Reports can be exported simply by printing or saving as PDF via your browser.

  • Email addresses on ISP or public domains (such as,, etc.,) are restricted and cannot be used with this service.
  • User accounts and target email addresses must be valid company or organization addresses. After signing up, you will receive a welcome email with a validation link to enable your MSP account to run a simulation.
  • For BETA evaluation purposes, you can send simulations to your own validated email. If you intend to run simulations for one of your customers, you must inform us so we can validate their email domain.

Webroot support community

Ask questions and view community discussions directly with the Security Awareness Training product team.

Create a new support ticket

Our support team is standing by to assist you.

How to get started

First steps: Learn the Beta Security Awareness Training platform