LABS GALLERY: SocialPET Lets Businesses Phish Their Own Employees to Test Security Smarts

1
2
3
4
5
6
7
8
1 of 8

LABS GALLERY: SocialPET Lets Businesses Phish Their Own Employees to Test Security Smarts

by Jim Rapoza

2 of 8

Setup

To get started with SocialPET, you add the names and e-mails of the users who will receive the test phishing e-mail and create a false e-mail to send the message from.

3 of 8

Templates

SocialPET includes a number of templates for different security tests, including sending info on a new Web mail interface and information on a required system patch. The templates create basic e-mail text that can be edited.

4 of 8

The Phish

Once a SocialPET test has been activated, users receive a phishing e-mail directing them to a fraudulent Website.

5 of 8

The Response

In this test, users are sent to a fake Outlook Web Access page. No matter what log-in is used, the page will fail to load and will return to the log-in page.

6 of 8

Fake Patch Page

Other phishing tests include fake patches and fake anti-virus pages. On this page, clicking on the Download and Apply Patch button will do nothing (except notify the admin that the employee has failed the test).

7 of 8

Basic Reports

Once a phishing test is completed, SocialPET provides basic reports that show how employees fared on the test. The report also displays a graph comparing your company's score against other companies'.

8 of 8

Report Details

Additional reports include details about what individual employees did during the phishing test. SocialPET can also generate a PDF report.

Top White Papers and Webcasts