Got phished? Of course you have…whether you know it or not!
As with penetration and vulnerability testing and any other form of security assessment, you need to be performing email phishing tests on your users – all of them, including executive management – on a periodic and consistent basis. I’m doing more and more of this work and the results that I’m finding are astounding…to the point that all other security testing could be stopped and existing security technologies could be eliminated unless and until this situation is under control. I’m finding these gaping holes in IT and security programs not because I’m smart…I just use good tools and know what to do/say beyond traditional email phishing testing – which, by the way, stinks out loud in most organizations and serves as a mere checkbox item.
I’m not going to give away all of my secrets – that’s what my independent email phishing consulting services are for. But I will share with you some insight and tips that you’re probably not going to find elsewhere or that might require some painstaking “experience” to learn otherwise. Here you go:
Be sure to check out to all of my other information security resources on my website when you get a chance. Cheers!