Email Phishing Campaigns

85% of organisations have suffered from phishing attacks

Email phishing campaigns are carried out by attackers seeking to trick employees into clicking on malicious links, divulging information useful in wider attacks or taking actions such as paying fictitious invoices.

Decoy is a CSA capability that records how an organisation's employees react to email phishing campaigns. Using Decoy, CSA can simulate different types of phishing emails and automatically record the results. Decoy can target the whole company, specific departments or individuals, and can track clicks, document opens, and information that is submitted to forms on the landing pages set up as part of the campaign.

Email templates can be tailored using reconnaissance to tempt people to act or supply information that they should not, simulating what real cyber attackers do. Such reconnaissance-led simulated campaigns can be targeted at senior individuals or departments such as finance or employees with admin rights to the company network. 97% of users are not able to identify a sophisticated phishing email. It is particularly important for those with greater admin privileges or those in senior positions to be tested on their ability to identify suspicious emails.

It is good practice to conduct regular Decoy campaigns to make sure that a high level of staff awareness exists and to reduce the risk of an expensive mistake. Decoy campaigns should be combined with either eLearning or onsite cyber awareness training and run every six months.

