You wouldn’t give a staff member a company car if they hadn’t passed their driving test. And yet, too often, end users, your staff, are given a computer and expected to just know how to use it, including how to identify one of these highly dangerous attacks. The likelihood of being on the receiving end of a phishing attack is growing day by day.

We can now do controlled phishing tests. We have developed a phishing tool which can test your users’ vulnerability in a safe and controlled way, with no risk to privacy or compromise of passwords. This helps you to pinpoint any people who may need further training in scam detection.

The first mail we have developed is a simple 365-related phish which requires the user to reset their 365 password. Obviously it doesn’t actually change any passwords. We don’t store any actual information they input. We do analyse it to check if they type in their password (and a new one), and we compare the new password when they type it twice. This keeps your team’s passwords more secure.

Users often fail to see the risk they are putting themselves and their company in when they have any interaction with phishing emails. Simply opening the email can give the phisher enough information to put them on a list for the next level of attack, the spear phish.

Worse still, if they actually enter their current password and offer a replacement password, they have supplied the attacker with not only a valid username and password but also the user’s preferred replacement, which they have likely used on other services. The risk is far worse than many people appreciate.

Our general capture rate is 12% of users identified as quite vulnerable to this type of attack. In our worst case, 25% of staff in a company fell for it, and our simulation triggered internal training to give users the awareness we expect.

At the end of the test you will be presented with a compiled spreadsheet listing all the users we emailed. It will tell you to which level each user fell victim and how long the response took.

