How can I give my employees a fake phishing scam?

May 4, 2019, 5:00 AM

Q: What can I do to test my employees to see how likely they are to fall for a phishing scam?

A: More than ever, businesses are a primary target of cyber criminals, who know that a business is more likely to pay more in a ransomware scam or wire fraud scam.

Not only is there more money to be made, but the criminals also have a larger number of targets they can pursue to achieve their goals. All it takes is one user in the company to fall for a cleverly crafted email for the infiltration to begin.

The weakest security link

No matter how sophisticated the cyber-security technology you have set up to prevent unauthorized access to your network, your employees are your last line of defense.

Your users are also the easiest way to gain access, so rather than trying to penetrate your technology fortress head-on, thieves will simply use clever tricks on humans to bypass your security systems.

The methods used by cyber thieves continue to evolve, so continuous education and awareness of the threat are the only way to harden your employees.

Cyber security is never going to be a ‘fire and forget’ process, so building a strategic plan for ongoing education is highly recommended.

It should be considered a compliance issue, much like the way you approach accounting and HR issues and regulations.

Free test tools

Lots of companies have created tools and resources that will both test and educate your employees.

One of my long-time favorites is a company called KnowBe4, which offers over a dozen free tools that any business can use to test their employees or check for breach exposures.

Another reason I like this company is that their ‘Chief Hacking Officer’ is Kevin Mitnick, once known as the ‘World’s Most Wanted Hacker’ in the mid-’90s and author of “The Art of Deception: Controlling the Human Element of Security”.

He’s since turned his talents from crime to consulting and helps companies understand how hackers think and act.

Phishing reply test

Of the 14 free tools offered by KnowBe4, one of the most helpful is the Phishing Reply Test because it shows you who opened the suspicious message but, more importantly, who fell for the trick and replied to the message.

You can choose from 3 different scenarios to send to your employees and spoof the sender’s name by using someone they would likely trust – just like real phishing scams often do. The tool then compiles the results for you within 24 hours.

CEO fraud attack

Testing to see if your employees will fall for a spoofed internal email is always a good check, as a fake message from an important person in your organization is a common attack technique.

The Domain Spoof Test will require the participation of the person in charge of your email platform and security, because it’s a little more involved than some of the other tests.

Each of their free test tools can be requested by filling out the form associated with that tool, so it won’t take long for you to start assessing your employees and learn what you need to teach them.

Data Doctors
