I ran a phishing test on my team using a free template versus a custom one I wrote. The custom one caught 80% more people.

3 comments

3 Comments

Our IT guy did a test with a fake pizza party invite from the principal. Got half the staff. It's like what young.ryan said, you just need the right bait. We're all just fish in a barrel.

wendy_henderson212d ago

That's so true about generic stuff getting ignored. It's like those mass marketing emails everyone just deletes. But a text that looks like it's from a friend? People stop and read. Same with phone calls, a local number gets answered way more than some random 800 one. The personal touch breaks through the noise.

young.ryan2d ago

Yeah, that bit about a text from a friend is spot on. We did a test last year with a fake shipping notice that used the boss's name and our internal project code words. Click rate went through the roof compared to the usual "your account is locked" junk. It's scary how well a little inside info works. Makes you realize training has to be way more specific than just "don't click links.