Phishing Awareness Stine Frederiksen March 20, 2022

Phishing Awareness

The purpose of the phishing campaign is to measure existing IT behaviour and to build knowledge about phishing in your organisation.


Four good reasons to run phishing tests in your organisation

  1. Get management involved
  2. Make an impact with your awareness training programme (“Seeing is believing”)
  3. Tough on measurable KPIs
  4. Test the emergency readiness

Organisations worldwide are challenged by three-stage phishing attacks

Organisations worldwide are challenged by three-stage phishing attacks that are frequently seen as the cause of security breaches. The three stages of this type of attack are characterised by:

  1. The sending of a phishing email with a link to a phishing website or attachment infected with malware.
  2. The hacker establishes a foothold on the computer in question when malware is downloaded via the attachment or phishing website. The username and password are typically stolen via key logging or by enticing the victim to enter them directly on the phishing website.
  3. With the username and password, the hacker intensifies the attack by installing additional malware for espionage, ransomware attacks, etc.

Our phishing tests imitate a three-stage attack

Stage 1: Opens the phishing mail

Stage 2: Clicks on the phishing link

Stage 3: Enters the password on the phishing site

In the third stage, there are two types of results:

  • A landing page without explanation, where a realistic result is achieved and you are unable to warn colleagues
  • A landing page with explanation, for an optimal learning moment, where you can manage to warn colleagues

Dubex reports click rate and data submit rate

Phishing and Targeted phishing

Dubex Phishing tests are available in two varieties:

  • Phishing — get a generic comparison of the behaviour in your organisation with that of other organisations, and a report with general recommendations.
  • Targeted Phishing — experience how many fall into the trap of a tailored attack.
    Dubex security consultants perform targeted research and design a phishing test with your organisation in mind, as a hacker would do with a spear phishing attack. Get a report with specific recommendations for your organisation.
 

Phishing

Start-up: Email
Technical Briefing: Document
Instructions for handling user inquiries: Document
Phishing design: Choose from generic design templates
Max. number of users: 1,000
Max. number of breakdowns/batches of mail sending: 1
Duration: 12 hours

Reporting and recommendations: 

  • Result for the entire organisation
  • Benchmark numbers
  • Generic recommendations
  • Possibility for follow-up learning: Learning page from selected design template

 

The following is provided by the customer:

  • Language selection (one language)
  • IP and domain whitelisting
  • Test group (1-5 people)
  • User summary (CSV file, see technical brief)
  • Date when the test will be carried out

Targeted Phishing (Spear Phishing)

Start-up: On-site or online meeting
Technical Briefing: Document, online meeting
Instructions for handling user inquiries: Document, online meeting
Phishing design: Tailored by Dubex (customer gets two reviews)
Max. number of users: 10,000
Max. number of breakdowns/batches of mail sending: 5
Duration: 24 hours

Reporting and recommendations

  • Outcome for the entire organisation and subdivisions
  • Benchmark numbers
  • Description of targeted research/design (OSINT)
  • Tailored recommendations
  • Presentation at the customer
  • Tailored learning page

Possibility for follow-up learning: Tailored learning page

The following is provided by the customer:

  • Language selection (one language)
  • IP and domain whitelisting
  • Test group (1-5 people)
  • User summary (CSV file, see technical brief)
  • Date when the test will be carried out

Targeted Phishing (Spear Phishing)

As an initial part of the Dubex Awareness training programme, a phishing campaign is conducted that serves as a measuring point for the existing IT behaviour and knowledge of phishing within the organisation. This zero-point measurement can serve as a reference for an equivalent measurement once the awareness training programme is completed. Furthermore, the campaign serves as a means of communication to employees in the training programme and as an eye-opener for management. Learn more about Dubex Awareness Program.

 

Get the maximum awareness out of your phishing test

Dubex’s communications products open eyes to the organisation’s behaviour. Use them as part of a larger awareness training programme or as a stand-alone follow-up to your phishing test.
