Free Phishing Security Test

Did you know that 91% of successful data breaches started with a spear phishing attack?

Find out what percentage of your employees are susceptible to phishing attacks with your free phishing security test. Plus, see how you stack up against your peers with the new phishing Industry Benchmarks!

Phishing Security Test

IT pros have realized that simulated phishing tests are urgently needed as an additional security layer. Today, phishing your own users is just as important as having antivirus and a firewall. It is a fun and effective cybersecurity best practice to patch your last line of defense: USERS.

Why? If you don't do it yourself, the bad actors will. 

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Choose from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page 
  • Get a PDF emailed to you within 24 hours with your Phish-prone percentage and charts to share with management
  • See how your organization compares to others in your industry


Start phishing your users now. Fill out the form, and get started immediately!

Sign up for your Free Test


Phishing Defined

Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity, using bulk email that tries to evade spam filters.

Emails claiming to be from popular social websites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering.

Phishing FAQs

What can be done to prevent phishing attacks?
This is not an exhaustive list, and there is no "silver bullet" that will stop phishing. However, here is a brief list of what we have found to be best practices:
  1. Understand the risks you face
  2. Develop adequate policies
  3. Keep systems up-to-date
  4. Ensure you have good and recent backups
  5. Deploy anti-phishing solutions
  6. Implement best practices for user behavior
  7. Use robust threat intelligence

Additionally, here are our top 10 prevention tips to share with your users to help keep them safe from anywhere:

  1. Keep informed about phishing techniques
  2. Think before you click!
  3. Install an anti-phishing toolbar
  4. Verify a site’s security
  5. Check your online accounts regularly
  6. Keep your browser up to date
  7. Use firewalls
  8. Be wary of pop-ups
  9. Never give out personal information if you're unsure
  10. Use antivirus software 

Your last line of defense against phishing attacks is your users. That's why the most important step you can take towards prevention is a new-school security awareness training program combined with regular simulated phishing tests.

How does the Phishing Security Test work?



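It works like this: The PST sends one email to each user in your organization. In our initial, free phishing security test, the email sent is a link test, which involves some text meant to lure the user into clicking an embedded link. Once the link is clicked, the user is directed to a Landing Page. The basic landing page tells the user that they have taken part in a simulated phishing test and gives them some rules to use when checking the emails in their inbox.

The results of the test consist of the number of users who failed the test divided by the number of users who received it. This gives you a Phish-Prone Percentage: the percentage of users who "failed" the PST.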

How do I phish my users?

Phishing and training your users as your last line of defense is one of the best ways to protect yourself from attacks. Here are the 4 basic steps to follow:

  1. Baseline Testing to assess the Phish-prone percentage of your users before training them. You want to know the level of attack they will and won't fall for, and to have data to measure future success.
  2. Train Your Users with on-demand, interactive, and engaging training so they really get the message.
  3. Phish Your Users at least once a month to reinforce the training and continue the learning process.
  4. See The Results for both training and phishing, getting as close to 0% Phish-prone as you possibly can

An additional 5 points to consider:

  1. Awareness in and of itself is only one piece of defense-in-depth, but crucial
  2. You can't and shouldn't do this alone
  3. You can't and shouldn't train on everything
  4. People only care about things that they feel are relevant to them
  5. The ongoing process is to help employees make smarter security decisions

...and what we've found to be the 5 best practices to embrace:

  1. Have explicit goals before starting
  2. Get the executive team involved
  3. Decide what behaviors you want to shape - choose 2 or 3 and work on those for 12-18 months
  4. Treat your program like a marketing effort
  5. Phish frequently, once a month minimum

Phishing your users is actually FUN! You can accomplish all of the above with our security awareness training program. If you need help getting started, whether you're a customer or not, you can build your own customized Automated Security Awareness Program (ASAP) by answering 15-25 questions about your organization.

I just sent a Phishing Security Test, now what?

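After running the test, you can return at any time to view the results on your account's Dashboard page. You will be able to see your Phish-Prone Percentage, which indicates how vulnerable you would be if a similar phishing attack occurred within your organization. You will also see how your Phish-Prone Percentage compares with others in your industry, after one year of computer-based security awareness training and simulated phishing.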

A PDF report will also be emailed to you automatically after 24 hours. If you would like to know who clicked, your representative or reseller can provide that information for you!

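Armed with this knowledge, you can help protect your organization by educating your users about the dangers of these types of attacks. KnowBe4's new-school security awareness training can help you achieve this. Through KnowBe4, you can train your users to spot the warning signs and keep their skills sharp by sending fake phishing attacks like the one in this free tool.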

What are some common phishing email types?

Cybercriminals are constantly updating their phishing techniques. While the content of phishing emails has come a long way and continues to evolve over the years, here are a few basic variations that are most common:

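  1. Classic Phishing Email: Over the past few years, online service providers have been messaging customers when they detect unusual or worrisome activity on their users' accounts. Not surprisingly, the bad guys are using this to their advantage. Many are designed poorly with bad grammar, etc., but others look legitimate enough for someone to click if they weren't paying close attention.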

  2. Social Media Exploits: Many users have publicly available information on platforms such as Facebook, LinkedIn and Twitter. The bad guys gather this information to craft targeted spear phishing emails aimed at your users and organization. These emails are part of campaigns designed to hijack accounts, damage your organization's reputation, or gain access to your network.

  3. Infected Attachments: Malicious .HTML attachments aren't seen as often as .JS or .DOC file attachments, but they are desirable for a couple of reasons. First, there is a low chance of antivirus detection since .HTML files are not commonly associated with email-borne attacks. Second, .HTML attachments are commonly used by banks and other financial institutions, so people are used to seeing them in their inboxes.

    Malicious macros in phishing emails have also become an increasingly common way of delivering ransomware. These documents too often get past antivirus programs with no problem. The phishing emails contain a sense of urgency for the recipient. If users fail to enable the macros, the attack is unsuccessful.

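  4. CEO Fraud Scams: CEO fraud is a type of scam in which cybercriminals spoof company email accounts and impersonate executives to try to fool an employee in accounting or HR into executing unauthorized wire transfers or sending out confidential tax information. Typically, cybercriminals have gathered enough data to know who they want to target.

Is mobile phishing getting worse?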

Mobile phishing attacks in the first quarter of 2020 increased 475% compared to the same period in 2019, according to a recent report by Lookout. Attacks on mobile devices are nothing new; however, they are gaining momentum as a corporate attack vector.

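Attackers now take advantage of SMS, as well as some of today's most popular and heavily used social media apps and messaging platforms, such as WhatsApp, Facebook Messenger, and Instagram, as a means of phishing. Security professionals who overlook these new attack routes put their organizations at risk.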

Here are just a few phishing related risks posed by mobile device use:

  • Apps - lack built-in security. Free apps usually ask for a lot of access they shouldn’t need.
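  • WiFi - your device typically picks up the strongest signal, which may be a rogue WiFi that seems legitimate but is actually an attacker waiting to monitor, intercept or even alter communications from your device.
  • Bluetooth - can be used to spread viruses, and hackers can use it to hack into phones to access and exploit your organization's data.
  • Human error - thieves sell lost and stolen devices to buyers who are more interested in the data than the device itself.
  • Smishing - aka phishing conducted via SMS. Similar to phishing emails, an example of a smishing text may attempt to entice a victim into revealing personal information by asking the recipient to take action on any number of seemingly mundane activities, e.g., the user's bank claiming it has detected unusual activity, or a congratulatory notice saying the user has won a prize from their favorite store.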


Learn about more phishing examples, mobile phishing, and how to prevent attacks on our Ultimate Resource to Phishing.  
