Solution Spotlight: Phish Testing – To Click or Not to Click: That is the Question

Phishing attacks are on the rise, and they’re more sophisticated than ever… playing on your emotions, masquerading as an email from grandma, your boss, or even big box retailers like Amazon, eBay, and Target.

Did you know that 91% of successful data breaches started with a phishing scheme? What have all these breaches, hacks, phishes, and attacks proven? Nobody is immune and it can happen to anyone.

Now that we know less than 10% of successful breaches start outside of phishing schemes, what would be your guess as to the average cost of a phishing attack for mid-sized companies?
What if we told you 1.6 million? It’s true…

Now that we have your attention and have sufficiently painted a frightening picture of loss and compromise, let’s start with the basics:

Phishing 101

Phishing is a scam and you are the target. It is an email that appears to come from a business or someone that you know but, in reality, it is malicious by design and seeks to obtain sensitive information (bank account numbers, passwords, financial information, etc.).

Phish Testing

How do we learn to recognize phishing emails? How do we, as leaders, identify users within our organizations that could really benefit from Security Awareness Training? How do we confirm compliance amongst staff members and increase awareness which decreases the risk for being compromised? It’s simple really… we implement Phish Testing within an organization and find out what percentage of employees are drawn to phishing emails. Simulating phishing attacks is an additional layer of security for your employees and is just as important as having anti-virus, anti-spam or a firewall. In today’s world, when you randomly phish your employees you are heightening their awareness to what they should look for in their inbox. In addition, you are implementing an effective cybersecurity best practice to protect your last line of defense: USERS

Benefits of Phish Testing:

  • Educate users on warning signs they missed with customized landing pages and user education
  • Recurring phishing statistics on your organization
  • Phish Testing data helps to compare your organization to others in the industry
  • Learn what types of landing pages, incentives or freebies that your employees are attracted to and heighten their awareness

Let’s start now. If you received the email below, would you click on it?

If you did, you would have fallen victim to a phishing attack, just like the other 1 in 8 that clicks on links within phishing emails. Take another look at the domain that appears in the address showing who the email is from: @amazeprime.com (this is not Amazon).

Amazon may lure in some users, but what if others jump at free ice cream, a trip to Tahiti or a lifetime supply of M&Ms? It takes one person and one click to change your business landscape in many ways from causing some minor business interruption to holding your entire organization’s production data and intellectual property hostage.

Why wait for a hacker to test it out, when you can do so yourself? Contact The TNS Group today to learn more about how you can protect yourself from phishing attacks.

Categories: Managed Service Provider, MSP Blogs