Advanced Phishing and Employee Awareness
Educate and evaluate your employees so that they know how to handle sophisticated phishing attacks.
Today's cyber intrusions are more pervasive than ever before. With high-profile data breaches in the news each week, it seems as if we're witnessing a new wave of extremely sophisticated exploits. Unfortunately, this is not true at all. The vast majority of intrusions are still caused by a simple attack known as phishing.
Phishing is when a malicious entity attempts to gain sensitive information including authentication, payment, or personal information in order to benefit themselves and/or harm another person. The malicious entity tricks the victim into providing this information by disguising as a trustworthy entity - usually a person or organization that the victim is familiar with. Phishing is typically carried out by email spoofing or instant messaging, and is extremely effective because it targets and exploits weaknesses in human judgement.
According to the U.S. Federal Bureau of Investigation (FBI), in 2016 there were almost 1.5 million phishing complaints and total reported losses of $4.6 billion - and that's just in the United States. Phishing is big business and can be extremely costly to your organization.
Now more than ever, it's important to train your employees on how to spot and handle phishing attacks. It's not enough to just know what phishing is - in order to stay protected, your employees must regularly be exposed to the latest tactics and techniques used by attackers, and they must receive training if they fail to respond correctly. PhishDrill by RevBits continuously educates and evaluates users within your organization by running different variations of phishing attacks, measuring effectiveness, and delivering custom training to improve your users' overall level of awareness.
PhishDrill allows organizations to simulate many different types of phishing attacks on their users, including those that have proven successful against others.
PhishDrill is one of the only solutions that simulates and evaluates reply-based phishing. In reply-based phishing, an attacker sends an email to an unsuspecting victim requesting information. PhishDrill simulates this attack and tracks the users who replied, including information that was sent.
Our innovative software sends sample malware to your users that doesn't do any real damage but does check and see if they are susceptible to an actual attack. Our sample malware looks just like a Microsoft Office document, except that it contains embedded "malicious" code.
Our URL and data entry attacks ask users to visit a link or sign up for a fictional service, such as signing up for a new health-care benefit plan or visiting a new company website. Our requests are compelling and really do make users want to click on them!
There are various types of phishing attacks; some are more sophisticated than others. PhishDrill allows you to adjust the difficulty of simulated attacks so that you can keep your users on their toes as they get smarter. Use this feature to slowly raise the overall level of awareness.
PhishDrill makes it easy to determine which users you would like to target and test. Our interfact allows you to mass-import users by first name, last name, email address, department, group/team, city, country and more. Once done, choose an attack type, difficulty level and start your campaign!
The key to improving your organization's response to a phishing attack is to increase the overall level of phishing awareness. There is no better time to do this than right after a user falls for a phishing attack. PhishDrill provides interactive training sessions to your users as soon as they fall for the attack by automatically redirecting them to the PhishDrill training system.
PhishDrill's training sessions are extremely detailed and provide users with the information they need to know to protect themselves against future attacks. Our training specifically shows the custom campaign that was run and how the user could have detected, ignored or reported it. We are the only anti-phishing software to provide that level of one-on-one training.
PhishDrill collects statistics on all users sent to training, too. That way, you'll know which employees took the training seriously and which closed out the program after 10 seconds.
Just as with all RevBits products, we include an API so that you can integrate PhishDrill with your existing software ecosystem or business processes. Create custom code to pull data from phishing campaign results.