If you are looking to fully outsource your phishing awareness program, PhishMe can also be deployed as a fully managed solution. Our operations and support team can work to augment your staff’s efforts, providing the bulk of the work required to develop and launch appropriate training exercises for your staff. Your team reviews and approves the schedule, as well as the specific scenario and educational content to be delivered to your users.

Based on your input, we create scenarios for the program and identify a general timeline. The categories below are representative of the type of general scenarios we can start with:

• General Population – Quarterly organizational wide scenario
• High Risk Groups – Monthly scenario for high risk groups
• Boutique Scenarios – Specialized scenarios on a random basis to targeted groups
• Repeat Victim Scenarios – Additional training for individuals who are repeatedly susceptible

Increasingly Sophisticated Scenarios

The program is established so that each successive scenario is slightly more sophisticated than the previous. The first scenario may have intentionally introduced typos in the email content, a raw IP address in the underlying phishing link and a basic phishing web page without much customization. This will allow your employees to learn some of the basics first, before moving on to more advanced scenarios that can be tuned to include tactics such as FDC logos on the phishing page, hexadecimal encoding of URLs, and more.

By gradually increasing the sophistication level and focusing each exercise on a couple of aspects of identifying phishing emails, your users will gain a greater grasp of the concepts.

Training Materials

As for the training materials, as indicated above, we make them bite-sized and focused on only a couple of aspects of phishing each time. Just like the attacks themselves, the training materials will begin with a simple discussion on the spoofing of the from address in an email and the instillation of urgency via email content the first time. Discussing URL dissection can be the topic the next time, more complex SSL issues after that, and so on. By the third scenario or so, we will adapt the emails to contain attachments and train employees to think before double-clicking on the attachment to open it.

Management Reports

In addition to the detailed reporting provided inside the PhishMe environment, our support and operations team will create a management report for each individual scenario. Our standard reporting template provides a complete overview of the scenario and results, and we can adjust this format to meet your particular reporting requirements.

NEXT: Consulting License >>

Back to top ↑