Help secure your business by teaching your team how to spot phishing emails.
Phishing emails are very common, even outside of the workplace: messages from foreign royalty or the executor of a distant relative's estate, for example. Some of them are obviously fake, but the phishing emails that cybercriminals use tend to be harder to spot and easier to fall for. They are realistic mock-ups of emails from real companies. They might be well-researched and refer to real clients or co-workers to seem more genuine. Your whole team needs to be aware of what to watch out for in their inbox and feel confident that they can identify a phishing email if they receive one.
Phishing Emails Explained
Hackers will send emails which appear to be messages from trusted contacts. These emails often try to persuade you to click on a dangerous link, download malware or ransomware, or supply confidential information like passwords or bank details.
Phishing emails which are designed for a single target and not sent en masse are known as "spearphishing" emails. Hackers might send these hyper-targeted phishing emails to specific targets like your business's CEO or system admin.
Why Are Phishing Emails Dangerous?
The repercussions for your business of falling for a phishing email could be severe.
- You might be tricked into downloading ransomware which encrypts your business’s data until you pay off the hacker.
- A hacker could trick you into supplying your login information by sending you to a fake website that looks like a service you use, like Google, Amazon, or Microsoft.
- You might be tricked into handing over other sensitive information like bank details or your customer information.
Can You Recognize A Phishing Email?
Here are the things you need to be aware of to spot a phishing email:
- Bad Grammar, Punctuation, or Spelling
Widespread phishing scams often come from non-English-speaking countries, so be on the lookout for poor spelling, incorrect grammar, or odd punctuation. However, spearphishing emails are more likely to originate from a native English speaker, and translation software is improving all the time, so an email having perfect spelling does not automatically mean it's safe.
- The Email Is Rushing You
Phishing emails often push you to act immediately. Typically, emails which instruct you to “act now,” “respond in the next 24 hours,” etc. are false. If you are genuinely worried that there may be an emergency, you should contact the person directly via another method (phone, SMS) in order to confirm with them that the email was genuine.
- Modifications to Email Addresses
This one can be more challenging to identify, but frequently the spammer will have chosen an email domain that is remarkably close to a real domain. For instance, they may utilize microosoft.com (with two Os). Your eye will quickly recognize the domain you were expecting to see and won’t notice the changed letters. Always carefully check the domain if you have any doubts about an email.
How Carden IT Services Can Help
We can supply phishing email awareness training and then follow it up with randomized dummy phishing emails. Your team members will be regularly sent fake phishing emails which use all the same tactics as real ones but without the risk of compromising your business.
If the simulated phishing email is successful in getting one of your team members to click on a link or reveal sensitive information, they are then forwarded to an online refresher course that reviews how to recognize phishing emails and highlights for them the signs that they should have clocked in the dummy email they were just sent.
This raises awareness among your staff about phishing emails because they really don’t want to click on the false email, which would reveal to everyone watching the test that they aren’t being cautious enough about the links they click.
If you don't periodically test your team and warn them about the dangers of real phishing emails, an employee who clicked on a genuine phishing email could claim they were unaware of the threat. With phishing email simulations in place, your team will have regular testing and reminders. This keeps your whole team engaged in your cybersecurity.