Boost Phishing Resilience With SecurityIQ Phishy Domains

January 3, 2018 by Megan Sawle

Verizon’s latest data breach report shows 43% of data breaches stem from phishing attacks. It also reports large increases in ransomware and social engineering, especially in finance and healthcare.

Other major security studies raise further alarm: According to a new study from Google, most phishing victims are unaware their accounts are at risk — up to 25% continue to use their credentials following a breach.

It’s clear the phishing threat is here to stay and that many users are not prepared to fight this growing vulnerability. Fortunately, SecurityIQ’s new Phishy Domains feature can prepare your team for even the trickiest of attacks.

What are Phishy Domains?

Phishy Domains let you send phishing simulations to your team from any available domain and TLD. This prepares your employees for one of the most effective phishing methods used by hackers — typosquatting.

Typosquatting occurs when hackers register domain names similar to trusted sites but with slightly different spellings. These websites are then used in phishing attacks to trick users into entering credentials or installing malware. Examples of typosquatting include:

  • Infosecinsttute.com (correct address is infosecinstitute.com)
  • Resourcess.infosecinstitute.com (correct address is resources.infosecinstitute.com)
  • Securitylq.infosecinstitute.com (correct address is Securityiq.infosecinstitute.com)

SecurityIQ’s Phishy Domains are fully registered and functional. Once registered, you can use these domains to launch data-entry, drive-by or attachment phishing simulations. We recommend registering several variations of your organization’s own domain. This will increase the difficulty of your simulations and also protect your organization from similar phishing attacks in the future.

What Happens if Employees Fail the Simulation?

If your employees fail a simulation, SecurityIQ displays the same email, with phishing indicators, in their browser. Indicators explain exactly what they missed — in this case, a suspicious domain — in the teachable moment.

Employee performance is logged in SecurityIQ and used to personalize future trainings. This means everyone on your team will receive a 1:1 security awareness training experience tailored to their individual security aptitude.

About SecurityIQ
SecurityIQ integrates security awareness training, phishing simulations and personalized learning in one platform to drop organizational phishing susceptibility rates and motivate behavioral change.


Megan Sawle is a communications and research professional with 10 years of experience in cybersecurity, bioscience and higher education. Megan leads Infosec’s research strategy, leveraging study findings to mature its cybersecurity education offerings and build awareness of cybersecurity diversity and skill shortage challenges. Since joining the team, she’s directed research projects on a wide variety of cybersecurity topics ranging from dark web marketplaces and phishing kits to the Workforce Framework for Cybersecurity (NICE Framework) and the importance of soft skills in cybersecurity roles. Megan is a University of Wisconsin-Stout graduate, an avid equestrian and (very) amateur mycologist.
