Cybercrime is a growing problem and every organization has been the target of phishing via email or WhatsApp at one time or another. Hackers are always finding new ways to steal data, so it’s important to keep your employees on their toes and make sure company data remains secure. So one of our partners decided to set up an experiment to test how observant employees were. Given several partners were interested in the process below are the steps taken in the test:
Step 1: An Outlook environment that looks just like the real thing
The test began by setting up a fake Outlook environment that looked exactly like the real Microsoft Outlook page. However, those who tried to log in to this fake environment were not really logged in. Instead, the login information was passed on to the IT department.
Step 2: Fake mail #1
They then sent an e-mail from the general manager asking to change the password via a link to the fake Outlook environment. Unfortunately, this email was quickly discovered and shared in the group chat, so they were not yet successful.
Step 3: A second attempt…
A week later, they tried again with a message about “recent phishing attacks” and indicated that security was being worked on through two-step verification. They made it even easier for colleagues by sending them a link (to the fake environment).
Results of the experiment
In the end, only one of the 76 employees was enticed to click on the link and log in. Thanks to quick communication via group chat, everyone was up to speed quickly and the team passed (almost) with flying colors.
This experiment proves that phishing emails can appear real, even without internal information. It is important to always pay attention to different e-mail addresses and share information quickly within the group. The employees of this particular partner will long remember this experiment and remain aware of the dangers of cybercrime.
Take a test as well?
If your organization uses Microsoft Office 365, you could take advantage of Attack Simulation Training.