Evaluating Susceptibility to Phishing and Spear Phishing
Our recently acquired ThreatSim® attack simulation product is an excellent option if you are looking to deliver a phishing-focused security awareness training program. The ThreatSim mock attack system allows you to deliver simulated phishing emails with embedded Teachable Moments, which display targeted "just-in-time teaching" messages to individuals who fall for a simulated attack.
Using the SaaS-based ThreatSim interface, you can develop and administer preconfigured or customized attack campaigns and Teachable Moments. Comprehensive reporting functions allow you to understand your organization’s risk and respond accordingly.
ThreatSim can operate as a standalone assessment tool or can be paired with our interactive training modules to deliver a comprehensive education program. With our Anti-Phishing Training Suite, you can utilize our unique Auto-Enrollment feature to automatically assign follow-up training to any user who clicks on a mock phishing email.
- Provides a variety of customizable email templates that address three key testing factors: attachments, embedded links, and requests for personal data.
- Automatically presents any employee who falls for a mock attack with a Teachable Moment (see below), which explains the situation and provides practical guidance and tips for future reference.
- Includes our PhishAlarm® one-click email reporting button. This email client add-in allows employees to report suspected phishing messages to your security and incident response teams with a single mouse click.
- Offers a Staggered Message Delivery option, which spreads out the distribution of emails to minimize the impact to your email servers and IT helpdesk. This function also reduces the chances that employees will figure out — and discuss — the mock attacks, which helps to preserve the integrity of your phishing data.
- Provides extensive analytics and reporting about employee responses to various attack scenarios. You’ll also know whether employees fell for an attack through a mobile phone, a tablet, or a computer; the browsers they were using; and their locations when they fell for the attack.
- Offers an optional Weak Network Egress function, which can help detect data egress from users’ PCs and, as a result, allow security personnel to identify and modify security controls to reduce potential security threats.
- Gives you the option to check for browser vulnerabilities, with the capability to flag out-of-date (and potentially vulnerable) third-party plug-ins on end-user PCs.
- Gets employees thinking about best practices and how to respond to future threats.
Employees who fall for a ThreatSim simulated attack are automatically presented with an “intervention message.” You can route clicks to your own internal messaging or choose one of our customizable Teachable Moments. By utilizing “just-in-time teaching” at the moment an employee interacts with a mock phishing email, you can explain what happened, outline the dangers associated with real attacks, and give practical advice about avoiding future traps.
We offer several formats for our Teachable Moments and allow you to tailor the message as you see fit. In addition to improving awareness, this approach offers an opportunity to set the stage for future in-depth training by motivating employees to learn and implement safe behaviors.
Training: The Next Step
Mock attacks are excellent standalone tools, but they are most effective when paired with interactive training. Our 10- to 15-minute educational modules offer brief but focused training about the dangers associated with phishing attacks. Our education is based on proven Learning Science Principles that lengthen knowledge retention and drive behavior change.
Connecting the components of our Assess, Educate, Reinforce, Measure methodology can dramatically improve the efficacy of your security awareness and training program and further reduce your risks. Integration between mock attacks and education can increase completion rates five- to tenfold; our data has shown that employees who fall for mock attacks are up to 90% more likely to complete follow-up training. Our Anti-Phishing Training Suite links simulated attacks to education, allowing you to automatically deliver training to your most susceptible users.