One of the advanced features that makes PhishMe so unique is its ability to simulate attacks that unleash malware on an organization through a file attached in an email. PhishMe provides you with the ability to develop a scenario where the user is delivered a seemingly legitimate attachment, just as the attacker would. Instead of unleashing malware, the attachment contains training materials to help the user understand the signs they should have recognized in the email that would have led them to conclude that the attachment was malware and not opened it.

This technique was central to the compromise of the RSA Security network, which cyber-attackers breached and obtained information related to the company’s SecurID technology. RSA later disclosed that the phishing attack contained an attachment that exploited a zero-day vulnerability in Adobe Reader. Thanks to the interesting subject matter in the email, the employee pulled the message from the junk folder and opened the attachment. Unknowingly, the file contained a Flash based zero-day exploit which compromised his system. The subsequent compromise of the network, and attacks on clients using the SecurID product was from this initial entry point to the RSA network.

PhishMe's Attachment Scenarios

NEXT: Game Edition of PhishMe >>

Back to top ↑