Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Are You at Risk From Phishing Attacks? Try Phishing Yourself

    By
    Sean Michael Kerner
    -
    July 12, 2016
    Share
    Facebook
    Twitter
    Linkedin
      phishing

      Most organizations know how much of a security risk phishing attacks are, but what isn’t always known is how well an organization and its employees are able to detect and deflect such attacks.
      Duo Security has run a number of surveys over the course of the year that have consistently revealed how poorly prepared many organizations are to deal with a phishing attack. A study conducted in March, for example, found that nearly half (49 percent) of surveyed customers who had trained their employees on phishing avoidance still have employees falling victim to phishing attacks.

      To that end, Duo Security announced on July 12 its Duo Insight service, which provides a free phishing simulation to help identify how an organization and its employees respond to phishing attacks.

      According to Duo Security, across the first 100 Duo Insight simulations conducted by beta testers, 27 percent of users clicked the phishing link but didn’t end up entering a username and password. Only 17 percent of the first 100 users actually clicked the link and entered their full credentials.

      As to why there was a gap between users who clicked on a link and entered credentials and those who didn’t enter credentials, Duo Security has a few ideas.

      “We attribute this gap to users who are more security conscious,” Ruoting Sun, principal product marketing manager at Duo Security, told eWEEK. The more security-conscious users likely looked at the Web address, were suspicious that they had to re-enter their credentials and recognized this as a phishing attempt after clicking the link, according to Sun.

      The fact that 17 percent of the first group of Duo Insight users fell for the phishing bait didn’t surprise Duo Security either.

      “We are not surprised by these numbers. These phish rates are in line with industry estimates and averages for targeted phishing campaigns,” Sun said.

      The Duo Insight system attempts to trick unsuspecting users by sending common business email correspondence. Duo Insight has the ability to detect what applications are used in a company and can recommend one of those as the target application used in the phishing email. Common applications including Salesforce, Outlook Web Access, Google Apps and Office 365 are all options that are available inside of Duo Insight for phishing emails.

      Sun explained that the Duo Insight administrator can customize the content of the phishing email, including whom it’s from, what the spoofed domain should be, what the email says and who is the email target. After the phishing email is sent, the administrator can log into a dashboard that shows who opened the email, who clicked on the link and who got phished. The dashboard can also report if a targeted device is out of date, as well as make an estimate on how much financial and time loss might be incurred from the phishing email based on industry comparables.

      The overall goal is to give organizations a better idea of who falls for phishing attacks and what devices are vulnerable in a network.

      “Most phishing templates are corporate emails, leveraging the fact that people are most likely to fall for phishing when it comes from a trustworthy source within the company,” Sun said. “This is especially likely to happen if there are already email credentials that are compromised within the organization.”

      The idea of testing the ability of an organization’s employees to detect a phishing attack is not a new one. There are multiple vendors, including PhishMe, that offer phishing readiness and testing services. A couple of benefits to choosing Duo Insight, according to Sun, is that it is a free tool and it’s easy for organizations to set up and deploy quickly.

      “Duo Insight automatically generates a report for the administrator showing the results of their phishing campaign, as well as a business case for investing in the right security tools to prevent data breaches in case user credentials and devices are compromised,” Sun said. “Solutions that provide authentication and insight into device hygiene are effective at protecting against breaches.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Avatar
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×