Phishing Your Employees 101
The Simple Phishing Toolkit includes a site scraper that can clone any Web page — such as a corporate Intranet or Webmail login page — with a single click, and ships with an easy-to-use phishing lure creator.
An education package is bundled with the toolkit that allows administrators to record various metrics about how recipients respond, such as whether a link was clicked, the date and time the link was followed, and the user’s Internet address, browser and operating system. Lists of targets to receive the phishing lure can be loaded into the toolkit via a spreadsheet file.
The makers of the software, two longtime system administrators who asked to be identified only by their first names so as not to jeopardize their day jobs, say they created it to help companies educate employees about the dangers of phishing scams.
As pointed out, it’s almost a necessity to have something like this today.
It seems that not long ago, the idea of organizations phishing their own employees was controversial. These days, there are a number of organizations that offer this awareness training as a service. If you’d rather design and execute the training in-house, SPT looks like a great option.
- Phishing: US Government or ID10T? (renaevans.wordpress.com)
- Phishing – Run From the Hook! (zachner.me)
- Recursive phishing email (boingboing.net)
Posted on February 9, 2012, in attacks, Cybersecurity, Network Administration, Phishing, Security tips and tagged Crime, Identity theft, Intranet, IP address, Phish, SPT, Web page, Webmail. Bookmark the permalink. Comments Off on Phishing Your Employees 101.