Phishing Simulation Failure Rate Report
Review phishing simulation failure rates and what they reveal about user risk, training needs, and program maturity.
Review phishing simulation failure rates and what they reveal about user risk, training needs, and program maturity.
PhishingBox's KillPhish email threat protection add-in is a powerful addition to their already robust phishing simulation and training ecosystem.
PhishingBox, an industry leader in phishing simulation and training, announced today that it has successfully completed the SOC 2 Type 2 audit, which was conducted by MCM CPAs & Advisors LLP. The System Organization Control (SOC) is a reporting framework created by the American Institute of Certified Public Accountants (AICPA) that sets standards for managing customer and user data.
PhishingBox is excited to announce the addition of Advanced Human Detection (AHD) to the platform. This update will help security professionals save time by minimizing false positives caused by security and other anti-phishing software. AHD uses many data points to determine if a human performed the actions. Without AHD, the results of a simulated phishing test may be unreliable.
When analyzing the results of a phishing campaign, combating false positives is an ongoing and ever-changing process. Every security professional, on any platform, faces this problem every day, especially if they cannot 100% safelist their Phishing Simulator.
GitLab.com recently performed a spear phishing campaign where they targeted 50 of their employees in an attempt to see how vulnerable their team members were to phishing attacks. Using the domain "gitlab.company" and GSuite to deliver emails, those targeted were asked to click on a link to accept an upgraded Laptop from their IT department.
The following slideshare, authors Christopher Hadnagy and Michele Fincher outline ten steps to creating a phishing awareness campaign for an organization.
When conducting social engineering testing as part of an audit or security assessment, should the client provide a listing of employees to test? Doing so is generally termed white box testing, as detailed information is provided to the auditor. The term “white box testing” was ori
Although there is value in onsite social engineering, for the money offsite social engineering, such as that provided by PhishingBox is much more cost effective. Only in rare circumstances, will attackers attempt anything that require their physical presence. As such, most organizations do not need onsite testing.