Internet Solutions has launched an educational service called PhishNet, to help businesses protect themselves against phishing.
The PhishNet service allows security teams to launch authentic phishing campaigns against colleagues, which in turn will help bolster training within companies by demonstrating what a phishing lure looks like – and how easy it is to fall for one.
Internet Solutions tested the service out among its own employees, with worrying results.
According to IS, despite the hallmarks of phishing attacks – spelling errors, an outdated logo and a questionable subject line – 40% of IT-savvy contacts clicked on a link they received in an email, seemingly sent by Internet Solutions.
“This test clearly demonstrated that everyone is vulnerable to phishing, not only people who are technologically-inexperienced,” said Sean Nourse, chief solutions officer at Internet Solutions.
“We can be negligent and distracted using our personal devices, and we’re no different when using company laptops, mobile phones and tablets,” he said.
Phishing remains one of the most popular forms of cyber crime because it is highly profitable – it is easy to distribute thousands of emails that appear legitimate, and it offers returns in the form of banking PINs, credit card details, passwords, compromising personal information, confidential company and client information, or installation of malware or ransomware.
The recent WannaCry attack, which affected hundreds of thousands of machines worldwide, reportedly launched when an unsuspecting computer user opened a .zip file contained in a phishing email.
“PhishNet provides security teams with detailed reports on who clicked the links contained in the mock-emails, who submitted credentials when prompted and even who is running vulnerable or outdated Internet browsers.”
“This helps companies identify which employees require additional training and contributes to security efforts by making employees aware of new cyber threats,” the group said.