"They begin with aggressive spear phishing," said MANDIANT® when describing the
APT1 Attack Lifecycle. PhishMe® has responded by providing our clients the ability to easily emulate these attacks and to use the proven teach-by-immersion techniques to make their employees more resilient to them.
"Attackers are spending more time researching their potential victims on the Internet and sending multiple emails to them that appear more conversational,"
said Aaron Higbee, Chief Technology Officer and co-founder of PhishMe. "Thus, we have introduced new features customers can use to automatically create spear phishing recipient groups based on highly Internet-visible employees in their organization. We have also released a new phishing simulation method that allows customers to craft, execute, and track conversational phishing awareness campaigns. And finally, we have introduced a statistically sound method for our customers to benchmark their results against their peers."
Highly Visible Targets Identifier: Scours Publicly Available Information to Further Customize PhishMe's Emulated Spear Phishing Emails
Trend Micro® indicated in a recent report that employees whose email addresses and personal information are highly exposed on the Internet are more susceptible to receiving targeted phishing emails. PhishMe's new Highly Visible Target Identifier provides information security teams the ability to emulate the data-gathering techniques used by hackers with the click of a button. The email addresses and other information harvested via this feature can be used to further customize and tailor spear phishing emails to the respective recipients.
Benchmarking : Anonymously Compare User Susceptibility to Phishing Schemes Across Various Industries
The new Benchmarking feature allows customers to run identical scenarios and compare their results anonymously with each other. PhishMe is the only company of its kind with a customer base large enough to offer this capability with results that are statistically sound. "I'm proud that PhishMe has grown large enough for us to share spear phishing data. Comparing individual scenario results is just the beginning," Higbee added. "As the datasets grow, we will continue to unlock meaningful benchmarks that organizations can use to compare their awareness efforts."
Double-Barrel: Replicate the Two-Pronged Conversational Approach Spear Phishers use to Gain Access to Sensitive Data and Corporate Networks
"It's legit," said APT1 in a second email described by MANDIANT's® report that details a two-part spear phishing attack. Spear phishers can build trust with potential victims by sending a 'benign' email, followed by a malicious one or vice-versa and emulate real conversation. The new Double Barrel feature provides PhishMe's clients with the ability to easily emulate, train against, and track responses to such sophisticated multi-pronged attacks. "We service customers at all different levels. The PhishMe Double Barrel scenarios are intended for organizations that have successfully trained their employees on identifying less sophisticated attacks and need to up the ante," Higbee said.
PhishMe provides organizations the ability to improve their employees'
resilience towards spear phishing, malware, and drive-by attacks. The detailed metrics PhishMe provides make it easy to measure the organization's progress in successfully managing employees' security behavior. With over 3.5 million individuals trained in 140 countries, PhishMe has been proven to reduce the threat of employees falling victim to advanced cyber attacks by up to 80%.
PhishMe's methodology entails periodically immersing employees in simulated phishing scenarios, and presenting bite-sized, engaging training, instantly to those found susceptible. The solution provides clear and accurate reporting on user behavior, allowing customers to measure improvement over time. PhishMe works with Federal Agencies and Fortune 1000 companies across many industries to include financial services, healthcare, higher education and defense. For additional information, please visit: www.phishme.com.