Phishing is a type of fraud by which a hacker tries to elicit personal information or credentials by impersonating a legitimate organisation by directing users to a malicious website.
Until recently, phishing was primarily aimed at the consumer market; malware was considered the biggest threat to businesses. Today, phishing is the top social attack on businesses, responsible for more than 90 percent of security breaches.
To train and, more importantly, test staff, a schedule of phishing campaigns are formed from pre-defined kits, which include configured emails and landing pages with explanations of error shown in clearly defined video training. These emails are sent at random times during a specified period, which prevents the “prairie dog effect” of employees warning one another that they’ve received a phishing email. This approach provides truer measurement of employee awareness.