ADVANCED PHISHING AND

EMPLOYEE AWARENESS

PHISHDRILL

WHAT IS PHISHING?

Phishing is when a malicious entity attempts to gain sensitive information

including authentication, payment, or personal information in order to

benefit themselves and/or harm another person. The malicious entity

tricks the victim into providing this information by disguising as a

trustworthy entity - usually a person or organization that the victim is

familiar with. Phishing is typically carried out by email spoofing or instant

messaging, and is extremely effective because it targets and exploits.

WHY YOU NEED PHISHDRILL

According to new cyber threat intelligence, the phishing threat landscape continues to evolve and is startlingly different than it was years ago. Over the last year, there have been two major events that have reshaped phishing attacks. The first major change was large data breaches seen in 2016 which have exposed millions of email addresses. The second event was the rise of new ransomware tools such as Petya and WannaCry, that have claimed victims in several industries. These events have guaranteed that phishing will continue to be the most prolific and preferred method of all types of attackers.

Studies conducted by PhishMe found that 91% of cyberattacks start with a phish. Employees tend to fall for phishing attacks due to curiosity, fear and urgency, although other factors are presented as well. However, susceptibility to phishing drops almost 20% after a company runs just one failed simulation. That’s good news - it means that it is not difficult to teach your employees how to spot and avoid phishing.

Now more than ever, it's important to train your employees on how to spot and handle phishing attacks. It's not enough to just know what phishing is - in order to stay protected, your employees must regularly be exposed to the latest tactics and techniques used by attackers, and they must receive training if they fail to respond correctly.

PhishDrill by RevBits continuously educates and evaluates users within your organization by running different variations of phishing attacks, measuring effectiveness, and delivering custom training to improve your users' overall level of awareness. PhishDrill is proven to substantially reduce the threat of major incidents such as Business Email Compromise (BEC), ransomware, and more.

weaknesses in human judgment

ATTACK AND TEACH YOUR EMPLOYEES

PhishDrill uses behavioral conditioning to teach employees how to recognize and appropriately respond to phishing attempts,

thereby strengthening your most important line of defense - your people. PhishDrill simulates various types of phishing attacks

on their users, including samples that have been proven successful against others.

Best of all, PhishDrill scenarios are based off of actual phishing campaigns that caused damage in other companies. We want to

ensure that your employees know how to avoid actual threats.

FEATURES Extensive Library of Phishing Templates

Choose from our library of many different scenarios. Search, filter

or sort through our robust list, which is updated frequently and

even contains some of the latest and most dangerous campaigns

that have actually been seen on the Internet.

Scheduling

Make your campaign correspond to normal business activity by

selecting and scheduling when to run it - down to the minute.

You can even set a "drop-dead" time to stop sending emails if the

campaign isn't finished in time.

Extensive & Detailed Reports

PhishDrill provides robust reporting to show the outcome of every

campaign with advanced visualizations and custom graphs that

combine data points to help you critical security questions.

Easy Integration

RevBits includes an API so your organization can integrate

PhishDrill with your existing software ecosystem or business

processes. Additionally, you can create custom code to pull data

from phishing campaign results!

Reply-Based Phishing

PhishDrill is one of the only solutions that simulates and evaluates

reply-based phishing. In reply-based phishing, an attacker sends an

email to an unsuspecting victim requesting information. Our software

simulates this attack and tracks the users who replied, including

information that was sent.

URL and Data Entry Phishing

Our URL and data entry attacks ask users to visit a link or sign up for a fictional service, such as signing up for a new health-care benefit plan or visiting a new company website. Our requests are compelling and really do make users want to click on them!

PhishDrill allows you to adjust the difficulty of simulated attacks so that you can keep your users on their toes as they get smarter. Use this feature to slowly raise the overall level of awareness. PhishDrill's training sessions are extremely detailed and provide users with the information they need to know to protect themselves against future attacks. Our training specifically shows the custom campaign that was run and how the user could have detected, ignored or reported it.

Malware and Ransomware Simulations

Our innovative software sends sample malware to your users that

doesn't do any real damage but does check and see if they are

susceptible to an actual attack. Our sample malware looks just like a

Microsoft Office document, except that it contains embedded

"malicious" code.