If you want to run the best phishing simulation tests possible that actually make your people more risk-aware, do these three things.
1. Make Phishing Tests Real
Make your phishing tests as real as possible. As the military maxim goes, ‘train as you fight, fight as you train’. While training for the D-Day landings, soldiers were instructed to make pretend gunshot sounds instead of pulling the trigger to conserve ammo (blanks still need casings) for the real event. When the real event came, soldiers would occasionally revert back to their training and shout ‘Bang, Bang!’ instead of pulling the trigger.
Don’t send those awful phishing emails that so many vendors push on you. Forget the Microsift and Goggle emails and logos. Don’t be afraid to use all of the official logos, style guides, and trademarks. Criminals don’t care about trademark infringement. When organised crime comes after your colleagues it will be branded like the real thing.
The best phishing tests use either real emails from real companies and replace the original links with phishing links or real, high-quality phishing emails sent by actual criminals and run the same scenarios that criminals are running for real.
[Read more…] about 3 Tips To Run The Best Phishing Tests In The World