Cyber Security Institute

Tuesday, July 22, 2008

Security Service Tests Staff Vigilance Against Phishing Attacks

PhishMe, a new security SAAS offering from the Intrepidus Group, enables companies to launch mock phishing attacks against their own employees in the name of improving e-mail security.  “We developed a Web-based portal which is PhishMe.com, which allows our clients to drive the creation and execution of mock phishing exercises,” said Intrepidus CEO Rohyt Belani.  “We provided them all the tools ...  so in under 30 minutes they can actually set up a mock phishing attack [that] closely mimics a real phishing attack that a spear phisher would execute against the employees.”  Studies have shown spear phishing, which involves targeted attacks against a domain or organization, has picked up in the past several months.

Officials at VeriSign’s iDefense Labs reported last month that 15,000 people fell victim to spear phishing attacks by two different groups during the preceding 15 months.

Intrepidus provides templates to help organizations simulate attacks and allows organizations to measure, track and report on employees’ responses to the tests.

PhishMe does not collect sensitive information, Higbee said, explaining that JavaScript on the Web site overrides anything users actually input into fields during tests.

http://www.eweek.com/c/a/Security/Security-Service-Helps-Organizations-Test-Awareness-of-Phishing-Attacks/?kc=rss