|Basics of PhishMe||»|
|Fitting Your Culture||»|
|How PhishMe Works||»|
|Attachment Based Scenarios||»|
As a Software-as-a-Service (SAAS) offering, PhishMe is executed and delivered from the Internet, effectively emulating the attack methods used by malicious hackers. With an annual license, you will have an account provisioned for your designated administrators to access the system and construct your customized phishing scenarios. Multiple administrators can be authorized to have access to the scenario creation and reporting sections of the product.
Recipient groups are created and populated with email addresses through a simple CSV or XLS file import wizard. The groups are normally based on how our customers currently measure IT security metrics.
Creating Different Scenarios
Changing user behavior is the core goal of the PhishMe product. Administrators can utilize different methods of training for your recipients. These scenarios can be developed from our pre-built, customizable templates or from scratch based on the current training requirements.
PhishMe provides three core types of scenarios based upon the latest strategies and techniques utilized by hackers, with many prebuilt themes in each major type:
Like data entry, administrators can customize a preset theme to create the bait for the scenario, or build one from scratch. An email is created that urges the recipient to click on the embedded link. Once clicked, the recipient is forwarded to the selected training materials.
Many of our customers use this type of scenario to help users learn to dissect the underlying URL inside the email. PhishMe provides some highly sophisticated DNS features to replicate real-world tactics, which helps demonstrate to the user what to look for when examining a URL.
At the most basic level, the underlying URL can be an IP address, either plain numerical or concealed in octal or hexadecimal code. PhishMe can also provide more sophisticated URL’s replicating the organizations domain and putting it in front of one of the many domains PhishMe has registered for use on such mock exercises. We can also assist customers in setting up appropriate DNS information so that they can register specific domains that are related to their brand for these scenarios.
Accessing Training Materials
If you have specific policy or educational materials inside the organization and they are not Internet-accessible, you can redirect the users to the training materials. You can also customize any of our educational messages for the scenario.
With the visual editor, inserting your logo, adapting color schemes and altering the message is extraordinarily simple. We also have an interactive multi-question game for a more light-hearted approach to the training materials.
As the scenarios run, PhishMe collects information on individual responses and activities. Our reporting module provides you with visibility on activity in real time. This includes an overall understanding of the number and percentage of recipients that fall for the scam as well as detailed results by individual.
We are able to identify the recipient’s location and their browsing environment. We also provide graphical overviews as well as detailed results, all of which can help understand how different parts of the organization respond to the scenarios and help to target scenarios appropriately in the future.
PhishMe lets you easily evaluate results over time. With our trend graphing, you can select specific scenario results and see progress in the recipient groups over time or compare performance across organizational groups. For more information, please look at our detailed reporting page.