The best way to verify if a suspicious email is a Nimblr simulation or not is to log in to the Nimblr portal, go to Reports > Users, and find the user who received the suspicious email. Click on the user and review what has been sent to them. From this view, you can review every sent simulation by clicking the 'View' button."
If the complete email (including headers) is reported, you may also look for the Nimblr header 'X-NIMBLR-PHISHING: yes.' Please note that headers are easy to insert into an email. Finding the Nimblr header in an email is not a guarantee that the email is a simulation generated by Nimblr. The simulations are also signed with our DKIM signature (sasender.net) and originate from one of the following IP numbers: 126.96.36.199, 188.8.131.52, or 9184.108.40.206.
If using O365, you may also consider implementing the Report Message and Report Phishing add-ins for Outlook, which allow users to report suspicious emails, and administrators to review them in the Microsoft 365 Admin Portal. Nimblr’s simulations are automatically marked as 'simulations.