תקן אבטחת מידע
ISO 27001
Phishing campaign
Phishing is an internet scam in which there is an attempt to steal sensitive information by impersonating yourself on the internet. The information may be, among other things, usernames and passwords or financial details. Phishing is carried out by pretending to be a legitimate party interested in receiving the information. Most often, the impersonator sends an instant message or e-mail in the name of a known website, in which the user is asked to click on a link. After clicking on the link, the user arrives at a fake website where he is asked to enter the details that the impostor wants to steal.
Questions and Answers
How to deal with a phishing attack?
There are built-in tools to deal with malicious emails, quite well but not perfectly. There are still many cases in which we will encounter such emails in our mailbox. Therefore, employees should be taught and trained to identify suspicious emails, and not to click on the links.
One of the most important tools for protecting information is to raise the level of awareness of employees and the effective way to do this is a phishing test.
Who should perform a phishing test?
To all employees in the company from the junior employee to management and including subcontractors that the company employs.
When should you perform a phishing test?
The most effective way is to perform several tests throughout the year. In this way, it is possible to maintain constant vigilance on the part of the employees, and in addition to present data over a period of time, thus examining improvement trends
Some organizations prefer to perform the test close to annual awareness training and present the results during the training
How do we know we are improving?
The results of the phishing campaign are shown in comparison with a benchmark so that you can see the percentage of success in relation to what exists in the market where the company operates
In addition, on the timeline you can see the trends of the company's employees according to different segments.
?How It Works
The steps of the process
Characterization
Knowing the organization, the types of users and, accordingly, characterizing the attack outline and the method of execution. It is important to adapt the test to the activity
The organization to achieve the best in sending appropriate emails
1
3
Performing the test
Carrying out a test in accordance with the characterization. Sometimes, the test will be divided into several beats accordingly to the departments of the organization
2
Definitions and adjustments
Work in collaboration with the IT team in order to facilitate the test and prepare the technical infrastructure for execution.
4
Final report
A summary report that includes the percentage of success, details of those who failed the test and
Treatment recommendations