Attack-based phish testing creates fear, anxiety, and doubt in end users. It does not create awareness, harms IT, and misinforms management. Despite representing a billion dollar industry, traditional attack-based phish testing is fundamentally flawed. It causes untold problems for IT departments, individual users, and Managed Service Providers. Studies have shown it can even lead to more clicks by end users! This article outlines the fundamental flaws in attack-based phishing. It goes on to outline improvements from educational, positive outcome phish testing assignments that teach users how to finally spot every phishing attack and delete or avoid it.
Phishing attacks represent 90% of successful breaches at Small to Medium Sized Businesses (SMBs). Learn what they are and how to protect yourself from them at CyberHoot.com.
Impersonation email phishing attacks are rampant online. Do not trust an External email from your CEO or CFO if it seems unexpected, urgently needs your attention, and seems off in some unexplainable way. Pick up the phone and call that person or send them a separate text message (not email) to confirm their request.