This month’s touchdown task is to spend about an hour doing some phishing. Phish your user base, executives and other likely targets. Use the process as a basis for ongoing awareness and security training.
Phishing is a LOT easier and more effective than you might think. We’ve made it easy for you to do, with a free tool called MSI SimplePhish. You can learn exactly how to do it by clicking here.
Pay special attention to this step:
PreCursor: Obtain permission from your security management to perform these activities and to do phishing testing. Make sure your management team supports this testing BEFORE you engage in it.
You might need a couple more ideas for some phishing templates, so here are a couple of the most simple examples from real phishing going on right now:
1. Simply send a non-sensical subject line and the entire body of the message is the phishing url. You might encode this to make it more fun using something like a URL shortener.
2. Copy one of those spam messages that go around where the target inherits 40 million dollars from an oil company exec in the Congo or somewhere. Check your spam folder for examples. Replace the URLs with your phish site URL and click send.
3. Send a simple music trivia question, which is common knowledge, and tell them to click on the target URL to answer. Make it appear to be from a local radio station and if they answer correctly, they win a prize (movie tickets, concert tickets, etc.)
As a bonus, simply do what many testing vendors do ~ open your gmail spam folder and pick and choose any of the spam templates collected there. Lots to pick from.
The exercise should be fun, easy and likely effective. If you need any help, drop us a line or give us a call. Until next month, stay safe out there!