Phishing Attacks Work
Kaspersky Lab reports 37.3 million users experienced phishing attacks in 2012, causing reputational damage and direct losses.
In 2013 the Associated Press Twitter account was hacked via phishing, and a fake story about a White House bomb caused the markets to move.
RSA was compromised with a spearphish in 2011 and had SecurID data stolen.
Microsoft employees were subjected to multiple targeted phishing attacks in 2014, yielding internal email access, social media accounts and blogging accounts.
How We Help
Metrics and training
Will your users click on emailed links? What do they do when faced with legitimate-looking websites? Are their browsers and plugins updated? Without conducting an actual campaign, this data is absent and your risk level is unknown, but the data is waiting to be collected. Phish5 provides great metrics that help you determine where your risk lies, and the efficacy of classroom training.
Classroom training has its limits, not least the fact that the techniques taught can be difficult to implement in a user's normal workflow. Instead, train on the job. Send phishing emails that appear in their inbox, and start teaching them how to react with actual phishing mails. Twitter regularly phishes its employees, and you can too (not phish Twitter, that is, but your own employees!) Bonus: after multiple campaigns you'll have a list of repeat victims who are in need of additional interventions, and the rest of the users don't need to attend classroom training.
The Five Steps
1. Create campaign
Select a campaign template and set a few configuration details.
2. Target campaign
Upload or enter the details for your intended targets.
3. Design email
Customise the phishing email, including the message envelope as well as its contents. Reuse one of our templates for rapid phishing.
4. Build the phishing website
Your website consists of a landing page and a post-authentication page. Build a custom page or choose from one of our templates. Design a phishing URL that looks authentic, or use your own custom domain.
Review the campaign details, hit launch and follow your campaign's progress.