Go Phish Yourself!

Not trying to be rude here. Phishing has become the most prevalent form of cyber-attack, and the reason is that IT WORKS! It works because most people are very trusting and easily convinced, and they click on links and open attachments without much concern. It also works because most people have not been trained to recognize a potential phishing message or to verify whether an email is legitimate or a phishing scam.

Maybe the solution is to phish your own staff in order to see what happens. The bad guys sure are. They are phishing your staff every day, many times per day. The good news is that a company called Duo Insight is offering a way to run phishing exploits against your staff as part of your cybersecurity awareness training program. The best part is that it is free.

A quick look at the website makes it seem pretty straightforward to set up an account and get a phishing test created and ready to run. I haven’t had an opportunity to use this tool yet, but I am looking forward to giving it a try. I’ll be sure to circle back around and let you know how it worked.


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
