Security Awareness Training

Security Awareness

What is phishing?

Phishing is a method of trying to gather personal information using deceptive emails and websites.

The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.

What really distinguishes phishing is the form the message takes: the attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with. It's one of the oldest types of cyber attacks, dating back to the 1990s, and it's still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated.

A single human error could lead your business to bankruptcy

With over 91% of successful data breaches starting with phishing attacks, a single human error could be fatal for a business.

By taking our assessment, you will find out what percentage of your employees are Phish-prone. As part of the XCentral Security Awareness Training, we will train your staff against phishing attacks and make your last line of defence bulletproof.

91% of cyber-attacks start with phishing

What do phishing emails look like?

Some of you might already be familiar with fraudulent emails from banks, PayPal and government entities. However, the most common and successful attack vector we are seeing is hackers pretending to be a work peer of the victim. In this case, the hacker looks up the company hierarchy on LinkedIn and tries to guess the victim's email address by sending random spam emails from Gmail or other free hosting accounts. Once the hacker has the correct email address, he will start spamming the victim, pretending to be a work colleague. The email that the victim receives could look very legitimate, and most of us won't notice that it is coming from a slightly different domain.

If one of the victims opens the phishing email and executes the payload, a new outbound rule is set up in their email client to forward all emails to an external address. Now the hacker has a copy of all the victim's emails and can plan the next attack. By seeing invoices from suppliers, customers and banks, the hacker can then create a spam email with a similar look and feel, asking to change the banking details. If the victim replies to the email and updates the banking details, the hacker has accomplished his mission and it will be too late to stop.
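The two warning signs described above, a sender domain that differs only slightly from your own and a mailbox rule that forwards mail to an external address, can both be checked automatically. The sketch below is an added example, not part of XCentral's tooling; the domain example.com, the sample senders and rules, and all function names are constructed assumptions.

```python
# Added illustration: every domain, rule and name below is constructed.
TRUSTED = {"example.com"}  # assumption: your organisation's own mail domains

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].strip().lower()

def is_lookalike(sender: str, max_distance: int = 2) -> bool:
    """True if the sender's domain is close to, but not one of, TRUSTED."""
    dom = domain_of(sender)
    if dom in TRUSTED:
        return False
    return any(edit_distance(dom, t) <= max_distance for t in TRUSTED)

def external_forwards(rules: list[dict]) -> list[dict]:
    """Return mailbox rules that forward mail outside the TRUSTED domains."""
    return [r for r in rules
            if r.get("forward_to") and domain_of(r["forward_to"]) not in TRUSTED]

# Constructed sample data
senders = ["jane@example.com", "jane@examp1e.com", "jane@exarnple.com",
           "newsletter@gmail.com"]
rules = [
    {"mailbox": "bob@example.com", "name": "Archive", "forward_to": None},
    {"mailbox": "bob@example.com", "name": "RSS", "forward_to": "drop@mail.test"},
    {"mailbox": "amy@example.com", "name": "Team", "forward_to": "team@example.com"},
]

if __name__ == "__main__":
    for s in senders:
        print(s, "LOOKALIKE" if is_lookalike(s) else "ok")
    for r in external_forwards(rules):
        print("external forward:", r["mailbox"], "->", r["forward_to"])
```

In practice the rule records would come from your mail platform's own export of inbox rules; the dictionary layout used here is only a stand-in for that data.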

How can you tell if your staff is Phish-prone?

With XCentral's Security Awareness tool, you can simulate a real phishing attack on your staff and see the results in real-time. To make it more realistic, you can customise scenarios based on personal information, creating targeted spear-phishing campaigns and attachments. Thanks to the advanced reporting tool, you can target each user's weaknesses for point-of-failure education and create automated training campaigns with scheduled reminder emails.

27% Phish-prone average percentage during initial training period

13% Phish-prone average percentage after 3 months of training

2% Phish-prone average percentage after 12 months of training

What does the Security Awareness Training include?

We provide baseline testing to assess the Phish-prone percentage of your users through a simulated phishing attack.

The world's largest library of security awareness training content, including interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails.

Best-in-class, fully automated simulated phishing attacks, hundreds of templates with unlimited usage, and community phishing templates.

Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management. Show the great ROI!


Visit Us

Suite 2.2 / 394 Lane Cove Road,
Macquarie Park NSW 2113
