ADVANCED PHISHING AND
EMPLOYEE AWARENESS
PHISHDRILL
WHAT IS PHISHING?
Phishing is when a malicious entity attempts to gain sensitive information
including authentication, payment, or personal information in order to
benefit themselves and/or harm another person. The malicious entity
tricks the victim into providing this information by disguising as a
trustworthy entity - usually a person or organization that the victim is
familiar with. Phishing is typically carried out by email spoofing or instant
messaging, and is extremely effective because it targets and exploits weaknesses in human judgment.
WHY YOU NEED PHISHDRILL
According to new cyber threat intelligence, the phishing threat landscape continues to evolve and is startlingly different from what it was years ago. Over the last year, there have been two major events that have reshaped phishing attacks. The first major change was the large data breaches seen in 2016, which exposed millions of email addresses. The second event was the rise of new ransomware tools such as Petya and WannaCry, which have claimed victims in several industries. These events have guaranteed that phishing will continue to be the most prolific and preferred method of all types of attackers.
Studies conducted by PhishMe found that 91% of cyberattacks start with a phish. Employees tend to fall for phishing attacks due to curiosity, fear and urgency, although other factors are present as well. However, susceptibility to phishing drops almost 20% after a company runs just one failed simulation. That’s good news - it means that it is not difficult to teach your employees how to spot and avoid phishing.
Now more than ever, it's important to train your employees on how to spot and handle phishing attacks. It's not enough to just know what phishing is - in order to stay protected, your employees must regularly be exposed to the latest tactics and techniques used by attackers, and they must receive training if they fail to respond correctly.
PhishDrill by RevBits continuously educates and evaluates users within your organization by running different variations of phishing attacks, measuring effectiveness, and delivering custom training to improve your users' overall level of awareness. PhishDrill is proven to substantially reduce the threat of major incidents such as Business Email Compromise (BEC), ransomware, and more.
ATTACK AND TEACH YOUR EMPLOYEES
PhishDrill uses behavioral conditioning to teach employees how to recognize and appropriately respond to phishing attempts,
thereby strengthening your most important line of defense - your people. PhishDrill simulates various types of phishing attacks
on your users, including samples that have been proven successful against others.
Best of all, PhishDrill scenarios are based on actual phishing campaigns that caused damage in other companies. We want to
ensure that your employees know how to avoid actual threats.
FEATURES
Extensive Library of Phishing Templates
Choose from our library of many different scenarios. Search, filter
or sort through our robust list, which is updated frequently and
even contains some of the latest and most dangerous campaigns
that have actually been seen on the Internet.
Scheduling
Make your campaign correspond to normal business activity by
selecting and scheduling when to run it - down to the minute.
You can even set a "drop-dead" time to stop sending emails if the
campaign isn't finished in time.
Extensive & Detailed Reports
PhishDrill provides robust reporting to show the outcome of every
campaign with advanced visualizations and custom graphs that
combine data points to help you answer critical security questions.
Easy Integration
RevBits includes an API so your organization can integrate
PhishDrill with your existing software ecosystem or business
processes. Additionally, you can create custom code to pull data
from phishing campaign results!
Reply-Based Phishing
PhishDrill is one of the only solutions that simulates and evaluates
reply-based phishing. In reply-based phishing, an attacker sends an
email to an unsuspecting victim requesting information. Our software
simulates this attack and tracks the users who replied, including
the information that was sent.
URL and Data Entry Phishing
Our URL and data entry attacks ask users to visit a link or sign up for a fictional service, such as signing up for a new health-care benefit plan or visiting a new company website. Our requests are compelling and really do make users want to click on them!
PhishDrill allows you to adjust the difficulty of simulated attacks so that you can keep your users on their toes as they get smarter. Use this feature to slowly raise the overall level of awareness. PhishDrill's training sessions are extremely detailed and provide users with the information they need to know to protect themselves against future attacks. Our training specifically shows the custom campaign that was run and how the user could have detected, ignored or reported it.
Malware and Ransomware Simulations
Our innovative software sends sample malware to your users that
doesn't do any real damage but does check and see if they are
susceptible to an actual attack. Our sample malware looks just like a
Microsoft Office document, except that it contains embedded
"malicious" code.