Find out what percentage of your employees are Phish-prone™ with your free phishing security test. Plus, see how you stack up against your peers with the new phishing Industry Benchmarks!
IT pros have realized that simulated phishing tests are urgently needed as an additional security layer. Today, phishing your own users is just as important as having antivirus and a firewall. It is a fun and effective cybersecurity best practice to patch your last line of defense: USERS.
Why? If you don't do it yourself, the bad actors will.
Here's how it works:
The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.
Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity, using bulk email that tries to evade spam filters.
Emails claiming to be from popular social websites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering.
Additionally, here are our top 10 prevention tips to share with your users to help keep them safe from anywhere:
Your last line of defense against phishing attacks is your users. That's why the most important step you can take towards prevention is a new-school security awareness training program combined with regular simulated phishing tests.
KnowBe4's free Phishing Security Test can determine the vulnerability level of your network by giving you an indication of how many people may be susceptible to an email-borne social engineering attack.
It can also be used to supplement and reinforce training received in the KnowBe4 training modules by giving your users real world “practice” in recognizing social engineering attacks and responding to them appropriately.
It works like this: The PST sends one email to each user in your organization. In our initial, free phishing security test, the email sent is a link test, which involves some text meant to lure the user into clicking an embedded link. Once the link is clicked, the user is directed to a Landing Page. Our Basic Landing Page tells the user they have been part of a simulated phishing test and gives them some rules to apply when inspecting emails in their inbox.
The results of the test include the number of users who failed the test divided by the number of users to whom the test was delivered. This gives you a Phish-Prone Percentage – the percentage of your users who “failed” the PST.
Phishing and training your users as your last line of defense is one of the best ways to protect yourself from attacks. Here are the 4 basic steps to follow:
An additional 5 points to consider:
...and what we've found to be the 5 best practices to embrace:
Phishing your users is actually FUN! You can accomplish all of the above with our security awareness training program. If you need help getting started, whether you're a customer or not, you can build your own customized Automated Security Awareness Program (ASAP) by answering 15-25 questions about your organization.
After you run the test, you can return to your account at any time to view the results on the Dashboard page. You will be able to see your Phish-Prone Percentage, showing your vulnerability if a similar phishing attack were to occur within your organization. You will also see how your Phish-Prone Percentage compares with others in your industry, after one year of combined computer-based security awareness training and simulated phishing.
A PDF report will also be emailed to you automatically after 24 hours. If you would like to know who clicked, your rep or reseller can get you that information!
Armed with this knowledge, you can help protect your organization by teaching your users about the dangers of these types of attacks. Enrolling in KnowBe4's new-school security awareness training can help you achieve this goal. Through KnowBe4, you can train your users to spot the warning signs and keep their skills sharp by sending fake phishing attacks much like the ones in this free tool.
Cybercriminals are constantly updating their phishing techniques. While the content of phishing emails has come a long way and continues to evolve over the years, here are a few basic variations that are most common:
Mobile phishing attacks in the first quarter of 2020 increased by 475% from the same period in 2019, according to a recent report by Lookout. Attacks on mobile devices are nothing new; however, they are gaining momentum as a corporate attack vector.
Attackers now take advantage of SMS, as well as some of today’s most popular and highly used social media apps and messaging platforms, such as WhatsApp, Facebook Messenger, and Instagram, as a means of phishing. Security professionals who overlook these new routes of attack put their organizations at risk.
Here are just a few phishing-related risks posed by mobile device use:
Learn about more phishing examples, mobile phishing, and how to prevent attacks on our Ultimate Resource to Phishing.