Sponsor Robert Siciliano as he runs the Boston Marathon for Miles for Miracles, Children's Hospital Boston
ROBERT SICILIANO is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.


Check here if you're human


Finding out which Employees keep clicking on Phishing E-mails

Pin It

You have the best IT security, but dang it…the bad guys keep getting in. This means someone inside your house keeps opening the back door and letting the thieves slip inside. You have to find out who this enabler in your company is, and it may be more than one.

11DThey don’t know they’re letting in the crooks, because the crooks are disguising themselves as someone from your company or a vendor or some other reputable entity.

After figuring out who these welcome-mat throwers are, you then have to continuously keep them trained to recognize the thieves.

So how do you locate these gullible employees? The following might come to mind:

  • Create a make-believe malicious website. Then create an e-mail campaign—toss out the net and see how many phish you can catch. You must make the message seem like it’s coming from you, or the CEO, or IT director, a customer, a vendor, the company credit union, what-have-you.
  • You’ll need to know how to use a mail server to spoof the sender address so that it appears it really did come from you, the CEO, IT director, etc.
  • This giant undertaking will take away good time from you and will be a hassle, and that’s if you already have the knowledge to construct this project.
  • But if you hire an extraneous security expert or phish-finder specialist to create, execute and track the campaign, you’ll be paying big bucks, and remember, the campaign is not a one-time venture like, for example, the yearly sexual harassment training. It needs to be ongoing.
  • What leads to a data breach is that one doggone click. Thus, your “find out who the enabler is” should center on that one single click.
  • This means you don’t have to create a fake website and all that other stuff.
  • Send out some make-believe phishing e-mails to get an idea of who’s click-prone.
  • Set these people aside and vigorously train them in the art of social engineering. Don’t just lecture what it is and the different types. Actually have each employee come up with five ways they themselves would use social engineering if they had to play hacker for a day.
  • Once or twice a month, send them staged phishing e-mails and see who bites.
  • But let your employees know that they will receive these random phishing tests. This will keep them on their toes, especially if they know that there will be consequences for making that single click. Maybe the single click could lead them to a page that says in huge red letters, “BUSTED!”
  • This approach will make employees slow down and be less reflexive when it comes to clicking a link inside an e-mail.
  • Of course, you can always institute a new policy: Never click on any links in any e-mails no matter whom the sender is. This will eliminate the need for employees to analyze an e-mail or go “Hmmmm, should I or shouldn’t I?” The no-click rule will encourage employees to immediately delete the e-mail.
  • But you should still send them the mock phishing e-mails anyways to see who disregards this rule. Then give them consequences.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

About the Author
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.

Similar Posts

  • Protect Yourself from Phishing
    Everyone has received very obvious “phishing” e-mails: Messages in your in-box that have outrageous subject lines like “Your Account Will Be Suspended,” or, “You Won!” While some phishing attacks are obvious, others look harmless, such as those in a person’s workplace in-box, seemingly from their company’s higher-ups. Researchers point out that an e-mail may appear to come
  • Look out for Shipping E-mail Phishing Scams
    Stop clicking on e-mails about your package delivery! Scam, scam, scam! Look, it’s simple: Scammers are also pretending to be from the DHL and FedEx shipping companies, not just UPS. Crooks know that at any given time, thousands and thousands of U.S. people are waiting for a package delivery. So these cyber thieves send out mass e-mails by
  • Phishing works and here’s why
    A phishing e-mail is sent by a cyberthief to trick its recipient into revealing sensitive information so that the crook could steal money from the recipient or gain access to a business’s classified information. One way to lure an employee is for the crook to make the e-mail appear like it was sent by the
  • Why You should file your Tax Return Yesterday
    Someone else might file your taxes if you don’t get to it. And they won’t be doing it as a favor; they’ll be doing it to steal your identity. Here’s how it works: Cyber thieves send fraudulent e-mails to a business’s employees. The e-mails are designed to look like they came from the big wigs at the company. As
  • Be aware of all these Confidence Crimes
    Criminals often rely on tricking their victims to gain access to their passwords and other account information. This act of tricking is called social engineering, also known as a confidence crime, and it comes in many forms. A type of phishing e-mail where the criminal targets someone specific is called spearphishing. The spearphishing e-mail will look

Comments are closed.

Xtreme School

Featured in

Anderson Cooper John Stossel Robert Siciliano Featured in
Browse by Month

Browse by Category