Real-world Security Training
With PhishMe, an organisation's employees are immersed in a real-world spear phishing experience, but in a controlled manner that does not compromise security or create negative backlash from employees. As a Software-as-a-Service (SaaS) offering, PhishMe is executed and delivered from the Internet, effectively emulating the attack methods used by malicious hackers.
Creating Different Scenarios For Your Employees
Administrators can use different methods of training for their recipients. These scenarios can be developed from pre-built, customizable templates or from scratch based on the current training requirements. PhishMe’s templates are continuously updated to reflect the latest industry trends observed in the news or reported by customers and contacts in the industry.
PhishMe provides six types of scenarios based upon the latest strategies and techniques used by hackers, with many prebuilt themes in each major type:
- Click-only: These scenarios involve a two-step process with an email that urges the recipient to click on the embedded link.
- Data entry: Send emails with a link to a customized landing page that entices users to enter sensitive information.
- Attachment-based: Train users to recognize malicious attachments by sending emails with seemingly legitimate attachments in a variety of formats.
- Double Barrel: Patent-pending technology that simulates conversational phishing techniques by sending two emails – one benign and one containing a malicious element – to train users on this tactic used by APT.
- Benchmarking: Anonymously compare your organisation’s results to other PhishMe companies by using this patent-pending feature to conduct an identical scenario and receiving an additional report that provides a comparison of your results with other organisations that ran the scenario.
- Highly Personalized: Simulate advanced social engineering tactics by using specific known details about email recipients gathered from internal and public sources.
Empower Your Employees with PhishMe Reporter
In addition, employees are empowered to report suspicious phishing attempts using PhishMe Reporter, which provides another source of real-time threat intelligence to security operations and incident response teams. Timely threat detection and intelligence are critical for security operations teams to minimise an attacker's dwell time on a network. To date, organisations have lacked an efficient process for gathering and organising user reports of suspicious emails that may indicate early stages of an attack. PhishMe Reporter provides organisations with a simple, cost-effective way to fill this void.
Effective, memorable and secure, PhishMe's customizable scenarios focus on emulating the most relevant threats, identifying highly visible targets, filtering repeat victims, and emulating advanced tactics like conversational phishing. The solution provides immediate feedback and targeted training to anyone who falls victim to these exercises.
The PhishMe Reporting Dashboard facilitates sharing metrics and performance with management to emphasize the ROI from user awareness training, tracking the effectiveness of the training over time, identifying the types of employees that are most susceptible to attacks, and even identifying departments or locations that may be more vulnerable than others.
Core details provided in the reports include overall response to the scenarios (how many employees fell for the bait), response during the first eight hours of the scenario, response by day, a breakdown of users’ browsers, and the geo-location of their network gateway.
All of this data helps show how different parts of the organisation respond to the scenarios and helps target future scenarios appropriately.
PhishMe’s training begins immediately after an employee falls for a scenario. Motivation to pay attention and absorb the content is at its highest right after the attack, and data shows that employees who complete the training are 80% less likely to fall for an attack in the future.
PhishMe’s training is fun and interactive, addressing the immediate issues with the phishing bait users responded to, while still underscoring the seriousness of the issue. Customers have access to over 20 unique PhishMe training modules that include HTML flashcards, videos, and an interactive quiz. PhishMe’s training is available in a variety of languages, and is continually updated to ensure training content remains fresh and addresses the latest phishing trends.
Administrators can upload their recipient list from a CSV file or use PhishMe’s Highly Visible Target Identifier to search the Internet to find which users in their organisation have made their email and personal information readily available on the Internet.
What is the Highly Visible Target Identifier?
The Highly Visible Target Identifier allows administrators to identify these most-vulnerable users by searching both premium paid sources and free sources on the Internet to find users with easily accessible email addresses using their organisation’s domain. It searches the same sources adversaries use, and provides insight into which employees have left themselves more vulnerable to a targeted attack.