PhishMe service identifies, educates gullible users
- TAGS:Intrepidus Group, phishing, PhishMe, security
- IT TOPICS:Enterprise Apps, Security
This week Intrepidus Group Inc. of Chantilly, Va. unveils its PhishMe service. In effect, it gives IT the tool to phish its end users.
CEO Rohyt Belani says the new software-as-a-service lets you set up mock phishing attacks "to measure how aware employees are of phishing" and then educating them on how not to fall prey to phishers.
Aaron Higbee, chief technology officer, says identity thieves have moved beyond targeting PayPal and eBay users and are now targeting companies' workers by sending them official-looking e-mails asking them to do such things as update their 401k information, then stealing the data and maybe the funds; or, worse, from an IT security perspective, in messages that appear to originate from the IT department, asking end users to test their passwordsa by clicking on a url.
Belani says you can run the tests on your users multiple times and measure their (presumed) improvement. Users who fall victim to the phish bait are sent to areas where they're shown, in a comic-strip format, how to recognize a phishing expedition.
Be sure to include your top-level managers in any test you conduct, suggests Higbee. Criminals specifically target C-level execs in what are called "whaling attacks" because they (allegedly) know so much about the business.
PhishMe pricing starts at $4,800.
Free Insider Guide