Phishing Posts

If you aren't yet running phishing simulations across your company, it's time.  29% of data breaches involve phishing (source: Verizon) -- it's a problem worth resolving.  We've covered phishing extensively on this blog.  Everything from our top 113 favorite phishing simulation emails, to simple steps to help your team identify fraudulent emails, to this advanced guide showing 7 techniques we use to sniff out phishing.  However, we think we've overlooked an important topic: what to do when an employee clicks a link on a phishing simulation email.  Here are your options.

When a company’s phishing simulation emails land in the news headlines, that’s a bad thing. The recent news out of GoDaddy about a phishing a simulation email that claimed to be a holiday bonus is a prime example. So is the example out of Tribune Media a few months ago. Although we don’t know the particulars about what motivated those particular phishing simulations, we do know that they were not well received, and that there are much more appropriate strategies readily available. Here are four strategies that we recommend to our clients, and that we help them implement by leaning on our massive bank of preconfigured phishing email templates (113 phishing simulation email examples).

There are some easy email security best practices to follow when it comes to tagging emails that come in from external sources.  This has become a huge topic recently because the increase in phishing attacks has made it incredibly important for employees to know whether a particular email came from an internal sender (e.g., your boss) versus an external sender (e.g. someone pretending to be your boss).  Helping employees very easily distinguish between the two can be the difference between falling for a phishing attack versus staying safe.

Spear phishing training is an effort to fend off the most devious form of phishing: spear phishing.  Spear phishing is a phishing attack that is targeted at an individual. Not a phishing attack claiming to be from Citibank sent to a million random recipients on the hope that some of them are Citibank customers.  Not a phishing attack claiming to be package delivery information from UPS sent to hundreds of thousands of email addresses.  A phishing attack whose message body is unique to one person, containing context relevant to that one person.

A few years ago this type of attack was talked about but not frequently seen in the wild: now it's seen by most of our clients, most months, but with some predictable patterns worth addressing via training.  This post is our first shot at describing what we think that training looks like.

What makes a great phishing simulation email?  We'll share our perspective, and reveal the top 113 phishing simulation emails that we use at Havoc Shield.

UNC Path Injection is an attack that we consider to have originated in the 1990s.  It's exact origins are difficult to trace, but the mid-1990s were a period of tremendous growth in terms of adoption of the Windows NT operating system, and anecdotally that seems to be the operating system that some of the early UNC Path Injection attacks occurred on.