The problem of email based phishing has become a major problem for every organisation, large or small and regardless of geography. According to the Verizon 2015 Data Breach Investigations Report, email was a key method of delivering malware, with CrimeWare alone representing 25.1 percent of all cyber crime activities.
Phishing attacks target unsuspecting users; fake emails arrive in the user’s inbox and they appear to come from a trustworthy source. These emails are designed to mislead the user into giving away confidential private information, such as their password, or credit card details or corporate data such as trade secrets or business plans.
Organisations have realised the importance in training employees to recognise these phishing attacks, as the impact of just one employee falling victim can have a negative impact on a company’s brand and reputation.
The loss of confidential information is not the only concern. Hackers may embed malicious malware within the email in the form of links or attachments which, when clicked or opened, will install programs and infect their device. Once infected, the computer can be monitored making all activity, including keystrokes visible to the hacker.
The perpetrators of these omnipresent email attacks can camouflage themselves behind bogus domains in foreign mail servers with little fear of detection.
MetaCompliance has a history of supporting our customers to improve the preparedness of their employees in order to counter information security and compliance threats. The MetaPhish simulated phishing module is a key part of our cyber security and compliance awareness suite of products. Combined with our leading policy management, user survey, and eLearning courses the MetaPhish software module delivers the most comprehensive suite of software for managing the culture change. This change is required to ensure your organisation can mitigate the risk of data breaches and regulatory sanctions.
Based on our Cloud technology MetaPhish is a fully functional simulated phishing product that provides end user learning experiences at the point of need: just after a user has clicked on a simulated Phishing email. MetaPhish will enable organisations to improve employee awareness of phishing, identify the percentage of users that are vulnerable to these phishing attacks and outline the risks and the need for additional training. MetaPhish will help develop a powerful defence against phishing attacks by training your employees to identify and respond appropriately to these threats.
MetaPhish is populated with a range of email templates that can be used to evaluate the state of readiness of an organisation’s user base when it comes to their susceptibility to inbound phishing emails. These templates can be matched with relevant domain names that improve the ease of use within your organisation’s network. If required, tailored templates can be developed for your organisation by our in-house content design team.
MetaPhish allows an organisation to schedule simulated phishing campaigns throughout the year. Possibly to coincide with outside calendar events such as the end of the tax year or holiday periods such as Christmas.
The power of MetaPhish as a simulated phishing system is enhanced when used in conjunction with our policy management, user survey and eLearning functionality. The combination of the MetaCompliance software modules comprises the most comprehensive cyber security and compliance awareness environment available for modern enterprises that are looking to improve their security and compliance posture.
MetaPhish allows the administrator to target specific users with relevant phishing emails and in order to ensure a targeted learning experience, a warning notice, an infographic, a survey/quiz, or a piece of eLearning is presented to the user. A specific attestation is then obtained from the user that flows through to the MetaPhish reporting functionality for analysis. The reports will highlight if your awareness campaign is making progress, as your users improve their ability to protect themselves against phishing attacks.
It is with the MetaPhish reporting that an organisation obtains a profile of how susceptible their company is to fraudulent phishing emails. The key is to identify those users that require additional training. It is also possible for the end user to request additional training during the interaction with the learning experience.