Blog
 

Phishing

man looking at his laptop with concern

 

97% of people around the world cannot identify a sophisticated phishing email. Can you?

Phishing, also known as social engineering, is an attempt by cybercriminals to gain private information such as login credentials or other sensitive information. This attack can be in person, over the phone, or in the form of an email. The email often appears to come from a legitimate source but may include:  a malicious link, a request for the recipient to fill out a form, or a request for the recipient to download an attachment that is infected with malware. Cybercriminals continue to use advanced techniques and can create emails that appear legitimate and that are very convincing. 91% of cyber-attacks begin with a phishing email.


 Will you take the bait?

Compare the two emails below to see if you can spot the Phishing email:

Email One

Email Two

Which is the Phishing Email?

Email One   OR   Email Two

 


 

 Know the signs

  • Do not trust emails requesting personal or confidential information. Most companies will never ask for credentials via email.
  • Beware of emails demanding urgent action.
  • Do not trust the display name. Cybercriminals will often spoof the display name of an email to impersonate a brand.

 


 


An easy-to-use phishing simulator that delivers real-world scenarios for reinforcing phishing attack prevention and remediation for susceptible users.

  • Unlimited phishing simulations
  • 100+ email templates – all customizable
  • Robust reports & analytics
  • ○ Identify susceptible users
  • ○ Compare performance over time
  • TGS can manage the training portal & phishing
  • Randomizer
  • ○ Randomizes both the template & delivery
  • USB drop campaigns
  • ○ Improves social engineering awareness
  • Auto assignment of courses for remediation
  • Customizable educational landing pages

 


 

 

PhishHook Outlook Add-in

Outlook add-in to ensure employees know exactly what to do when they come across a suspicious email.

  • Employees receive immediate positive reinforcement at time of identification of a PhishingReal simulated phishing attack
  • If the threat didn’t come from PhishingReal; the PhishHook app immediately sends notification to alert the system administrator
  • Proven to increase efficiency in identifying suspect phishing e-mails
  • Simple and effective tool that empowers users
  • Decreases the risk for network infections and intrusions


 

Phishing Courses

Phishing

12 min | Because today’s computers and networks are heavily defended from a direct assault, hackers are now much more likely to target end-users when trying to break in. This course teaches best practices for recognizing and preventing both phishing and spear-phishing attacks.

Defeating Social Engineers Standard & Advanced

10 or 17 min | End users have what a hacker wants – a computer that’s behind the network firewall, a network username and password, and possibly access to trade secrets, confidential information, and bank accounts. This course will teach end users how to identify and avoid giving away sensitive information to these hackers.

In-person Social Engineering

4 min | Social engineering attacks can often occur in person. In-person social engineers will use information obtained both online and offline, along with lies and manipulation, to gain access to your systems and facilities.

Social Engineering – How It Works

4 min | The more you learn about how social engineering works, the better you can defend yourself and your organization against social engineering attacks.

Online and Targeted Social Engineering

4 min | Social engineers may use both technical and non-technical methods in a “targeted attack,” aimed at select individuals. Attacks are tailored; therefore, they can be very difficult to recognize, making them an effective threat.

Social Engineering – Countermeasures and Incident Response

4 min | Understanding what to do in the event of a social engineering attack can be just as important as prevention. Utilizing effective countermeasures and incident response procedures will help you to avoid falling prey to social engineers.

Outwitting Internet Phishers

7 min | Phishers will typically send fake emails that appear to come from someone you trust, such as a bank, credit card company, or popular website. The email may ask you to “confirm your account details” and direct you to a website that looks just like the real website, but whose sole purpose is stealing your information.

Outwitting Spear Phishers

4 min | Whereas internet phishers target a wide audience by sending fake emails to any address they can find, spear phishers target a select group, or a few individuals, with a highly tailored message. This method is much harder to counter because the email messages can seem so authentic.

 


 

Sign Up for News & Announcements