Reply to post: We do these "tests" on staff...

If you have to simulate a phishing attack on your org, at least try to get something useful from it

Anonymous Coward
Anonymous Coward

We do these "tests" on staff...

...and we use convincing imitations of banking, fast food, coupon, on-line email, HM Tax office, and auction site alerts. And of course Social Networking sites - both the usual "big" sites, personal and professional.

Don't work too hard to disguise the "from" address, and obviously the links don't even look a little bit genuine if you hover.

But clicking the links takes you to a semi-believable "login" type page that if interacted with generates an error (so you can't *actually* put in any credentials...).

All contracted out which makes things easier and saves us mocking up emails and websites...

We get details of who opens the email, who clicks the links, and who tried to interact with the fake page.

Depressing report.

Usual suspects.

Too many.

Everyone in our Government org has had to work through Cyber defence training courses EVERY year, but apparently some shallower areas of the gene pool cannot be educated about Cyber Security.

Anon because I still enjoy my job... and if you could work out who I work for, political masters would demand a spherical sacrifice.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019