“There is a crass saying in the security industry that you ‘can’t fix stupid,’ meaning that uninformed employees will always put your organization at risk,” said Rohyt Belani, CEO, PhishMe.com. “At PhishMe we not only disagree with this sentiment, we have made it our mission to help companies educate and train their employees, so that they can minimize the risk of their company falling prey to these user-oriented attacks. We are launching a free version of the PhishMe Consumer Edition games during the peak Internet shopping period to help consumers at home or while they are at work.”
PhishMe.com is urging employers to take the necessary steps to educate their employees and reduce the risk of phishing and malware attacks. In addition to the PhishMe Consumer Edition game, the company is recommending that every organization educate its employees on how to best avoid falling victim to an attack.
Belani continued: “Education is the key to protecting your business, employees and customers, from the majority of today’s phishing attacks. Many attacks can be thwarted if organizations regularly educate their staff on the types of tricks used by phishers.” Safety tips include:
Don’t take candy from strangers -- Be suspicious of unsolicited offers or emails, even if the email is personalized to you.
If it seems uncharacteristic, check with the source – phishers are getting smarter about using known contacts or corporate brands to trick people into sharing information or clicking links. Beware.
Don’t provide your username or password in an email or over the phone. Your corporate IT department will NEVER ask you for this information through these channels.
Don’t click links you don’t understand, unless you want to lose company data or worse yet – your identity.
Confirm the source of file attachments to emails (out of band) before opening them. File attachments are one of the most reliable mechanisms of propagating malware.
PhishMe Consumer Edition adds customizable interactive games to the suite of training modules enterprises can deliver to their staff and customers. Participants are presented with a series of scenarios and questions; asking them to indicate how they would respond to certain phishing elements they might receive in email. Correct answers add to the individual score and immediate training is provided to those players that miss the correct answer. At the end of the 9 question game, players are provided with a total score, this provides participants and employers with a fast and easy way to assess their Phishing IQ, so that they can better respond to real world attacks. A sample of the PhishMe Consumer Edition game focused on holiday shopping threats will be available free of charge until December 31, 2010 and can be accessed at: http://www.phishme.com/cyber_monday.php.
Consumer Edition is an extension of the comprehensive PhishMe Enterprise Edition, which provides a complete curriculum of PhishMe.com training options, further reducing the risk of an organization’s employees falling victim to phishing attacks. For additional information on the Enterprise Edition, or to sign up for a free trial, please visit: www.phishme.com.
PhishMe.com provides organizations the ability train their employees and customers about the risks of spear phishing with just a few simple clicks. With over one and a half million individuals trained since its launch in 2009, PhishMe provides a cost effective way to mitigate this challenge.The company has proven that its trainings can reduce the threat of employees falling victim to phishing attacks by up to 80 percent.
PhishMe.com helps prevent damage, theft and loss caused by targeted (spear) phishing attacks. The Company facilitates and automates the execution of mock phishing exercises against employees, provides clear and accurate reporting on user behavior, and most importantly provides instant, targeted employee training. PhishMe.com works with Federal Agencies and Fortune 1000 companies alike across multiple vertical market sectors including financial services, healthcare, higher education and defense. For additional information, please visit: www.phishme.com.