Go Phish Yourself!

Not trying to be rude here. Phishing has become the most prevalent form of cyber-attack, and the reason is that IT WORKS! It works because most people are very trusting and easily convinced, and they click on links and open attachments without much concern. It also works because most people have not been trained to recognize a potential phishing message or to verify whether an email is legitimate or a phishing scam.

Maybe the solution is to phish your own staff in order to see what happens. The bad guys sure are. They are phishing your staff every day, many times per day. The good news is that a company called Duo Insight is offering a way to run phishing exploits against your staff as part of your cybersecurity awareness training program. The best part is that it is free.

A quick look at the website makes it seem pretty straightforward to set up an account and get a phishing test created and ready to run. I haven’t had an opportunity to use this tool yet, but I am looking forward to giving it a try. I’ll be sure to circle back around and let you know how it worked.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
