Cybercrime is a growing problem and every organization has been the target of phishing via email or WhatsApp at one time or another. Hackers are always finding new ways to steal data, so it’s important to keep your employees on their toes and make sure company data remains secure. So one of our partners decided to set up an experiment to test how observant employees were. Given several partners were interested in the method below are the steps taken in the test: Step 1: An Outlook environment that just looks real The test began by setting up a fake Outlook environment that looked exactly like the real Microsoft Outlook page. However, those who tried to log in to this fake environment were not really logged in. Instead, the login information was given to the IT department. Step 2: Fake email #1 They then sent an email from the general manager requesting to change the password via a link to the fake Outlook environment. Unfortunately, this email was quickly discovered and shared in the group chat, so they were not yet successful. Step 3: A second attempt… A week later, they tried again with a message about “recent phishing attacks” and indicated that security was being worked on through two-step verification. They made it even easier for the colleagues by sending them a link (to the fake environment). Results of the experiment In the end, only one of the 76 co-workers was enticed to click on the link and log in. Thanks to rapid communication via group chat, everyone was quickly informed and the team (almost) passed with flying colors. Final Conclusion This experiment proves that phishing emails can appear real, even without internal information. It is important to always pay attention to different e-mail addresses and share information quickly within the group. The employees of this particular partner will remember this experiment for a long time and remain aware of the dangers of cybercrime. Also want to conduct a test? If your organization uses Microsoft Office 365, you could use the Attack Simulation Training.
