anti phishing overview
TRANSCRIPT
Service Description
www.phish5.com Page 1
Introduction Phish5 provides a set of tools and reports to create and manage safe phishing campaigns
for your users as the best means of educating and reminding them of phishing scams
and the perils of opening “unexpected” emails, clicking on suspicious links and entering
password credentials just because they are requested.
The past few years have seen many high-profile, RSA, Microsoft and Google, companies
as well as thousands of other far lesser known organisations fall victim to targeted
phishing attacks. Because of its relative simplicity, spear phishing has become the
weapon of choice for cyber criminals. Now it is time to fight back and make your IT users
part of your security defence. Running irregular Phish5 Campaigns with your IT users will
attune them to this threat. Over time this will make them and your organisation far less
vulnerable to these attacks.
Phish5 – Phishing in 5 Steps There are essentially 5 steps involved in creating and launching a phishing campaign in
Phish5, all of which are completed in your browser. These are:
1. Create a new campaign giving it a name and description and any additional
details which are useful to you.
2. Add the email addresses of the victims. These can also be uploaded from a .csv
file.
3. Create the phishing email in our editor, from scratch or from one of our pre-
defined templates. You can also create and save your templates for future use
and editing.
4. Create the site(s) the phished users will see when they click on the phishing link
in the email you send them.
5. Confirm the data and launch the campaign
Step 1 - Setting up the Campaign
Service Description
www.phish5.com Page 2
Step 2 – Add the Email Addresses
The format for the email addresses is simple – John, Smith, [email protected]
Step 3 – Create the Phishing Email
Choose your email template, edit and save it if you wish, and then preview your email.
The service automatically checks the “from” address to ensure the email can be sent.
Service Description
www.phish5.com Page 3
By proceeding to the next step you can edit what is shown in the URL link in the email to
make that link look more authentic
Service Description
www.phish5.com Page 4
Step 4 – Create the Websites for the Phished Users
These are websites which are shown when one of your victims clicks on the link in your
email.
This could be a single web page which gives the user a notification that he has carelessly
clicked on a suspicious link in dubious email and that he should pay attention to some
criteria and information which you provide on this web page. Alternatively, you could
create a landing page from this link, which might request the user to enter his network
or email user name and password to get some specific or personal information.
Once you have added a POST form, you can edit a “logged in” page to notify the user of
the error of simply entering login data when requested to do so.
Service Description
www.phish5.com Page 5
Step 5 – Launch Your Campaign Once this is ready, simply click on the Launch Campaign button to run the campaign.
You can watch the progress in the dashboard and generate a full report on the activity.
In addition the report also highlights those victims with vulnerable software running on
their endpoints.
Service Description
www.phish5.com Page 6
What does the Phished User See?
The email
And if he clicks on the link, the web page
Service Description
www.phish5.com Page 7
And finally, if he enters his user name and password and clicks on “submit”, the
notification page. Please note that data entered on these forms are NOT stored. In
addition to not saving users’ passwords, phishing pages are automatically altered to
prevent passwords from being transmitted by the victim’s browser.
Why not sign up for your free trial today www.phish5.com/signup