Teach a Team to Phish - or at Least, How to Spot One!

We are bombarded with spam email every day - most of it easily recognizable by tech-savvy folks. More than two-thirds of data breaches in 2020 were the result of such spam mail; phishing emails to be exact. Phishing emails have become more elaborate as time goes on, and they have proven to be one of the most popular avenues used by attackers to steal data. If an employee in your organization falls for a phishing scam, they could give those attackers access to important data or systems without meaning to or even understanding they have done so, making phishing emails a very dangerous threat indeed.

Several months ago, we decided to take action against these threats by testing our employees with a simulated phishing campaign. This campaign, along with employee training, has been very successful in getting our employees to spot phishing emails and feel confident in reporting them. We’ll go over how we went about setting this program up, the data we collected through the life of the program so far, and how we’ve used that data to fine tune our approach towards phishing emails so that you too can implement a similar campaign in your workplace.