29% of data breaches used social tactics.
Source: Verizon Data Breach Investigations Report - 2013
How well do your employees understand the risks associated with spear phishing attacks?
A spear phishing attack can be hand-crafted for your organisation, and therefore may easily slip through your e-mail filters undetected. An unsuspecting employee may provide their login details; after all, the email arrived from your “IT department” and even the website branding looked familiar. The security breach may go undetected for months, resulting in far-reaching consequences.
Omniquad’s Spear Phishing Safety Assessment Subscription service audits whether your end users are aware of these risks and would not give away confidential information when exposed to spear phishing.
How it works
- You enrol in the service.
- We recommend an initial email safety brief and a questionnaire to gauge your employees’ knowledge of the risks of phishing and spear phishing. Your users should be informed that checks will be done in the future. We also recommend a follow-up brief a couple of months into running the service, with another short questionnaire. This will reassure you that your employees are learning from the experience.
- End users are randomly sent e-mails pointing them to a “controlled safe phishing” site (a control site) that has been designed by us for the purpose of the audit. The site will be tailored to resemble your branding, in the same way that anyone can copy content from your website.
- The phishing emails will ask for passwords, credit card details, etc.
- In the event of any user actually providing these details, they will not be stored. Instead, educational information will be displayed to the end user informing them about what just happened.
- Your management report, available on the portal and as a summary email update, will give you an overview of how many users would have provided their details.
Phishwise - Questions & Answers
Should I change the passwords of users who provided them on the control site?
We do not save or log the passwords of any users who failed the tests. You may, however, change the passwords for these users if you wish to do so.
Will all users be sent control phishing emails at the same time?
Not unless requested. A spear phishing run sent concurrently to all users could possibly make them alert each other. A real attack could be sent to a few users over a long period of time, and we aim to replicate this as much as possible.
What do I do if my well-educated end users report the suspicious emails to me?
You can report them back to us, since you yourself would not know whether they are genuine.
Do I have control over what the control phishing site will look like?
No, each control phishing site is unique and created only for the duration of the particular phishing test. They will change without notice, and so will the type of information we prompt the users for.
Can I choose which users are tested?
Yes; however, we recommend that all users are tested during your subscription.