A phishing attack test? Yes, it’s a great way to educate employees about the dangers of phishing and how to recognize it. The emphasis should be on educating, not criticizing.
What’s the best way to conduct phishing attack tests? Teach your employees what bait attackers dangle. Go over your password procedures and show them how to identify unsecured links.
Isn’t phishing just a disguised email to trick you into giving information or downloading malware? Yes, but the disguises get more sophisticated as time goes on. In 2019, close to 30% of breaches resulted from successful phishing assaults.
A good deal of phishing emails don’t target anyone in particular but are sent to a broad swath of people. However, be aware of spear and whale phishing. A spear phisher targets a specific employee, often from a LinkedIn profile.
Whale phishing targets CEOs and company board members, which produces a fruitful payoff indeed. Everyone at your business needs to be vigilant and know the signs of an attack.
Let them know to inspect the URL spelling in the link before they click, and that a URL redirect signals a problem. If an email from a person they know sounds questionable, they should email the person back to confirm via a trusted link. Remind them not to post personal data on social media sites.
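The link checks described above can also be automated for a mail gateway or a training exercise. The following is an added example, not part of the original article: it flags links that are not HTTPS, hosts that are a near-miss spelling of a trusted domain, and query parameters that carry another URL. The TRUSTED list, the edit-distance threshold of 2 and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed allow-list (assumption); use your organisation's real domains.
TRUSTED = ("example.com", "linkedin.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def inspect_link(url):
    """Return a list of warning strings for one link; empty means nothing flagged."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        findings.append("not-https")
    if not any(host == d or host.endswith("." + d) for d in TRUSTED):
        # Last two labels only: an assumption that ignores suffixes like co.uk.
        base = ".".join(host.split(".")[-2:])
        for d in TRUSTED:
            if edit_distance(base, d) <= 2:
                findings.append("lookalike-of:" + d)   # misspelled trusted name
            elif d in host:
                findings.append("embeds:" + d)         # trusted name used as a prefix
    for _key, value in parse_qsl(parts.query):
        try:
            target = urlsplit(value)
        except ValueError:
            continue
        # A parameter holding an absolute URL means the link can bounce elsewhere.
        if target.scheme in ("http", "https") and target.hostname:
            findings.append("redirects-to:" + target.hostname.lower())
    return findings

if __name__ == "__main__":
    # Constructed sample links for illustration.
    for sample in ("https://example.com/login",
                   "https://examp1e.com/login",
                   "http://linkedin.com.account-verify.net/profile",
                   "https://example.com/out?next=https://login.examp1e.com/"):
        print(sample, inspect_link(sample))
```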
Recognize and reward employees who catch phishing emails. It’s an excellent way to educate everyone about the danger.
Conduct random phishing attack tests but always use them as an educational tool. The object is a small catch, not netting the entire company.
Author: Kris Keppeler, a writer who finds technology fascinating and loves humor. She writes for Crossing Genres on Medium.com and Does This Happen to You? on Channillo. Award-winning podcast producer who enjoys telling stories. Follow her @KrisKKAria on Twitter or on LinkedIn.