Abstract
People in the IT ecosystem are becoming ‘favourite’ targets for two reasons: 1. they remain the weakest link, and 2. organisations are becoming more mature at securing their technology. For a security tester, setting up a phishing campaign is a daunting task: choosing a look-alike domain and buying it, setting up a phishing website and its infrastructure, designing an email, choosing the target audience, tracking opens/clicks/downloads and building the analytics. All of these activities are time-consuming and demand a certain skill-set.
Phishing Simulation provides a one-stop solution for an organisation to understand its security awareness posture without actually performing a ’live’ phishing attack. Phishing Simulation prepares a phishing assessment with tailor-made questions specific to the organisation, guides target users through completing the assessment, provides an intuitive tutorial and builds analytics from the responses and the metadata collected about each user.
Phishing Simulation has 2 modules.
Admin Module: used by the tester to set up and monitor phishing assessments
- Based on inputs provided by the tester, such as the organisation name, email ID and domain name, the tool automatically generates questions with tailor-made data: look-alike domains produced with typo-squatting techniques, spoofed sender addresses and look-alike website content
- The assessment comprises questions covering a phishing website, a spear-phishing email, SMiShing and scenario-based questions, to bring it close to real-world phishing attacks
- The tool also provides analytics in the form of graphs representing the organisation's security awareness posture by category, such as department, employee and target-user action
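As an added example (not code from the Phishing Simulation tool itself), the following Python sketch shows how look-alike domains of the kind used in the assessment questions can be generated with simple typo-squatting transformations and then recognised again when grading a user's answer or building a watch-list for newly registered domains; the homoglyph table, the set of techniques and the function names `lookalike_variants` and `is_lookalike` are assumptions.

```python
"""Generate and detect look-alike (typo-squatted) domains for awareness assessments.

Added example; not code from the Phishing Simulation tool. The helper
names and the homoglyph table below are assumptions.
"""

# Constructed homoglyph table: characters that look similar in common fonts.
HOMOGLYPHS = {"l": "1", "i": "l", "o": "0", "m": "rn", "w": "vv", "e": "3"}


def _split(domain):
    """Split 'example.com' into ('example', 'com')."""
    name, _, tld = domain.partition(".")
    return name, tld


def lookalike_variants(domain):
    """Return a sorted list of typo-squatting variants of `domain`.

    Techniques: character omission, adjacent transposition, homoglyph
    substitution, and a hyphenated prefix/suffix. The output seeds quiz
    options and a watch-list of domains to monitor for registration.
    """
    name, tld = _split(domain)
    variants = set()
    for i in range(len(name)):
        # Omission: exmple.com
        variants.add(name[:i] + name[i + 1:])
        # Transposition of adjacent characters: exmaple.com
        if i + 1 < len(name):
            variants.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
        # Homoglyph substitution: examp1e.com, exarnple.com
        sub = HOMOGLYPHS.get(name[i])
        if sub:
            variants.add(name[:i] + sub + name[i + 1:])
    # Hyphenated prefix/suffix: example-login.com, secure-example.com
    variants.update({f"{name}-login", f"secure-{name}"})
    variants.discard(name)  # never report the genuine name as a variant
    return sorted(f"{v}.{tld}" for v in variants)


def is_lookalike(candidate, domain):
    """True when `candidate` is one of the generated variants of `domain`.

    Used as the answer key: a user who trusts a look-alike in a question
    has failed that question.
    """
    return candidate.lower() in set(lookalike_variants(domain))
```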
Client Module: used by the target user to complete the assessment and view the tutorial
- Every user within a campaign has 10 unique questions to answer, with a mix of positive and negative scenarios
- The passing criterion is to answer every question correctly, because all it takes is just one click!