Phishing Drills

eWeek has an interesting article on Phishing Drills. As the article points out, this isn't a new concept, but providing the drill as a service makes it a lot easier to implement. phishme.com is a new service (not yet available) from Intrepidus. It's a paid service that allows you to set up a mock phishing exercise to evaluate your employees' response to phishing and educate them if they fail.

It looks good: a Flash demo on the site shows reports on how many recipients clicked the link and how many actually attempted to input information at the "phishing" site.

I find myself wondering a couple of things. Will they differentiate people who followed the link using a text browser from those who used a regular browser? That would indicate that they are investigating the link rather than falling for it. I'm also wondering if this test would run into problems with existing defenses. If I have to whitelist their sending IP, that will show up in the mail headers. The users would then have an affirmative defense that they checked the source of the email and saw it was whitelisted.
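
The browser distinction raised above can be drawn from the drill site's web logs. The following is an added sketch, not code from phishme.com or the article; the log format, the `/t/<token>` recipient path and the `/submit` endpoint are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log lines (combined-log style). The /t/<token> path that
# identifies a recipient and the /submit endpoint are assumptions for this sketch.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Dec/2007:10:01:02 -0500] "GET /t/alice HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
192.0.2.10 - - [15/Dec/2007:10:01:40 -0500] "POST /t/alice/submit HTTP/1.1" 200 64 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
192.0.2.11 - - [15/Dec/2007:10:03:15 -0500] "GET /t/bob HTTP/1.0" 200 512 "-" "Lynx/2.8.6rel.4 libwww-FM/2.14"
192.0.2.12 - - [15/Dec/2007:10:05:09 -0500] "GET /t/carol HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1) Gecko/20071127 Firefox/2.0.0.11"
192.0.2.13 - - [15/Dec/2007:10:06:30 -0500] "GET /t/dave HTTP/1.1" 200 512 "-" "Wget/1.10.2"
192.0.2.13 - - [15/Dec/2007:10:09:11 -0500] "GET /t/dave HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11"
"""

LINE_RE = re.compile(
    r'"(?P<method>GET|POST) /t/(?P<token>\w+)(?P<submit>/submit)? HTTP/[\d.]+" '
    r'\d+ \d+ "[^"]*" "(?P<ua>[^"]*)"'
)
# User-Agent prefixes of text browsers and command-line fetchers.
INVESTIGATIVE = ("lynx", "links", "elinks", "w3m", "curl", "wget")

def classify(log_text):
    """Return {token: 'submitted' | 'clicked' | 'investigated'}."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that are not drill hits
        if m["method"] == "POST" and m["submit"]:
            seen[m["token"]].add("submitted")
        elif m["ua"].lower().startswith(INVESTIGATIVE):
            seen[m["token"]].add("investigated")
        else:
            seen[m["token"]].add("clicked")
    # Worst outcome wins: a later graphical-browser visit or a form post
    # overrides an earlier text-browser look at the same link.
    rank = ["submitted", "clicked", "investigated"]
    return {tok: next(r for r in rank if r in kinds) for tok, kinds in seen.items()}

if __name__ == "__main__":
    for token, outcome in sorted(classify(SAMPLE_LOG).items()):
        print(f"{token:8} {outcome}")
```

The User-Agent header is supplied by the client, so this split is a reporting heuristic rather than proof of intent.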

About this Entry

This page contains a single entry by Roger published on December 15, 2007 5:24 PM.
