Phishing Security Testing and On-line Training

Phishing is a term which refers to attempts to gain sensitive information such as usernames, passwords and credit card details, for malicious reasons. Cybercriminals obtain this information through an email (or other electronic communication) disguised as originating from a trustworthy source such as a bank, delivery company or even a co-worker or friend.

Phishing: Avoiding the hook

Information obtained in this manner might be used directly by the cybercriminal (e.g., buying goods with your credit card), or might be sold to others for their malicious use. Threats might also be made to publicly expose stolen information unless a fee is paid.

Many successful Phishing attempts lead to Ransomware attacks. Ransomware is malicious software that encrypts or locks access to data. The victim is then told to pay a ransom in order to regain access to this data.

Phishing attempts are becoming increasingly prolific and sophisticated. Since the success of a Phishing attempt requires a live person to respond in some way, usually by clicking on an email link or attachment, the best line of defense is employee education.

Testing & Training Solution

Our solution to the challenge of employee education involves simulated phishing attacks coupled with on-line training videos which are short, on-demand and interactive. Those who fall prey to the simulated attacks are directed to further training videos so they can better understand what to look for, what not to do, and much more. Periodic simulated phishing attacks are conducted on an ongoing basis to keep users on their toes and continually wary.

Management reports are provided, including tracking of start/completion rates and learners’ training progress, as well as open, phish and avoid rates for the simulated phishing attacks.

Training Videos

An extensive library of short, on-line training videos is available on-demand as part of this service. The content is regularly reviewed, revised and expanded by security education experts. These videos cover a wide range of topics which go well beyond Phishing Email training.

Training video categories include:

  • Malware & Phishing (including voice phishing {Vishing} and SMS Phishing {SMiSHing})
  • Web-Application Based Threats
  • Mobile Security
  • Network Security
  • Password Security
  • Physical Security & Hardware
  • Social Engineering
  • Internal Controls