Phishing simulations are the perfect complement to our trainings or on their own.
Cyber criminals send billions of phishing emails daily and are always looking for new templates to gain information or deploy malware from unsuspecting people. Similar to running a fire or tornado drill, phishing simulations allow users to experience what a phishing attack might feel like. They are an important part of staying cyberaware.
We have designed phishing simulations to mimic that experience so that your team can get comfortable detecting danger when they encounter these emails "in the wild". We curate different templates to cover many aspects of attack types appearing to come from major companies. If a user clicks on a link in one of these emails or gives their credentials, we will flag that in your administrator portal as having failed the simulation.
Within your phishing simulations, you can choose which templates you want us to send out and on what frequency. For example, should you choose two weeks, a phishing simulation will be sent at a randomly selected time within the two-week frame and after that cycle, the simulation will start up again at another randomly selected time.
We also recommend letting your team know these e-mails are coming. It helps center the discussion of cybersecurity at your company in addition to promoting vigilance.
The phishing simulations that we send will come through as an email into your inbox. You can choose the appropriate cadence for your team and then we take care of the rest! We will queue the simulations to be sent out at random times during the workday and with different templates. So your team will get a variety of templates at differing times.
Once an email lands in your inbox, the simulation has begun. The email will tempt your employee to click on links or attachments, mimicking cyber criminal tactics.
If a user clicks on the link, they will be brought to a landing page that resembles a login page of the same brand from the simulation where the user will be prompted to input their credentials.
Once the credentials have been given, immediately the user is made aware that this was a phishing simulation and this could have been a dangerous situation. We bring them to an on-the-spot training to help them identify areas of improvement.
As an administrator, you can review your teams progress with the phishing simulations and identify users who have failed these simulations, what actions were taken etc through the phishing simulation section of your workforce report.
Security tools can catch many threats, but some may get through, so it is important to train your employees to recognize these types of emails if they ever make their way into your inbox. Pair our phishing simulations with Upfort Shield trainings for a theoretical and practical approach.