Phishing Simulation Campaigns to Test Employees
Phishing is the most common form of social engineering attack. Around 90% of organisations experience targeted phishing attacks, and 22% of all breaches involve a phishing element.
- Reduce phishing risk
- Measure your training efficacy
- Avoid ransomware and spear phishing
Find out how Hut Six's Phishing Simulator can help you
What is Simulated Phishing Training?
Phishing simulation helps protect your organisation by training your employees to identify, avoid and report suspicious emails. Phishing your employees is a way to teach them about the tactics and techniques cyber criminals use to steal their personal information.
Attackers use phishing as a way to steal sensitive information such as logins, credit card numbers and identities. These attacks can be personalised through social media and deliver malicious payloads of malware, ransomware and spyware.
Ethical Phishing
As phishing is a distressing and worrying crime, it is important that our simulated phishing is ethical. Rather than being used as a metric by which to punish employees, it needs to be an educational experience. Ethical phishing enables you to educate users about the threats they face without causing employees additional stress or worry.
Phishing simulation tests also provide you with insights into potential risks. Understanding your employees’ actions and measuring their progress helps you manage your email security risk.
How to Defend Against Phishing Attacks?
Network security systems, spam filters, email gateways and firewalls all play an important role in protecting an organisation from phishing threats. However, without informed and vigilant users these protections are never going to be a total solution to phishing scams.
Enabling staff to defend against phishing protects your organisation and ensures your technological security investments are worthwhile. It also provides individuals with skills that can be transferred into preventing cyber crime in their personal lives.
Reduce phishing risk
A single successful phishing attack can damage your organisation through lost time, revenue and client opinion. By measuring user interaction and educating people you can minimise the risks of clicking on dangerous emails, links and attachments. One of the key benefits of phishing training is encouraging employees to report phishing.
By launching simulated phishing campaigns, you can keep employees up-to-date and vigilant against the latest in phishing threats. With tell-tale malicious elements, you can record which of your people need further information security training.
Key Phishing Facts
Pervasive Malware
94% of malware was delivered by email, although the combined results of multiple security awareness vendors show click rates in simulated phishing going down to 3% from 25% in 2012.
Insufficient Training
77% of all UK workers have never received any form of information security training.
Widespread Phishing
According to UK government research, in 2021, 83% of businesses experienced phishing attacks against their organisation.
Attacks are only getting more sophisticated. More than two-thirds (68%) of all phishing sites use SSL protection.
What makes Hut Six's Phishing Simulator different?
Creating a Simulated Attack
Hut Six simulated phishing tests specialise in three-stage attacks. These measure open rates, click rates and whether the user falls for the attack.
Simulated Phishing Emails
These templates mirror the most effective phishing tactics employed in real-world attacks. They use customisable attachments, images, HTML and user information, such as the user’s name and email address, to test phishing susceptibility. Select from our range of custom security awareness email templates, or design your own bespoke spear-phishing emails with our editor.
Custom phishing landing pages
The phishing landing page tests if the target is willing to divulge personal information to a potential attacker. This data is not stored or transmitted; the only information sent acknowledges that the user has completed the form.
"Malicious" Websites
Each phishing landing page is specific to the attack and adds to the realism of the campaign. These pages can mimic social media logins, file sharing sites, banking, email and other important digital services.
Point-in-time Training
If a user is caught out by a simulated phishing attack, they are automatically taken to attack-specific training modules. The tutorial will explain how the user could have spotted that it was a phishing email or web page.
Specific phishing red flags
If a user successfully navigates the phishing emails they are congratulated at the end of the campaign. This phishing simulation test reinforces positive behaviour. It is important to clarify exactly what tactics the phishing scam was employing.
How to Use our Phishing Simulation Platform
Our flexible platform makes creating simulated phishing campaigns simple.
Target User Groups
Target different users and groups with attacks tailored to their behaviours and performance in past training. Adapt these groups as the campaign progresses to reactively train your organisation.
Schedule your campaign
Select the duration of the campaign and the times of day the phishing emails will be sent to your employees. Our system will then randomise delivery across your workforce.
Craft your Phishing Attacks
Choose from our range of phishing templates or create your own attacks to have the greatest impact for your particular organisation. Include attachments and links to gather more data.
Custom Phishing Editor
Customise your own simulated phishing attacks with our drag-and-drop editor and test your users against spear phishing. We developed this template creator to enable our clients to create their own custom phishing email templates. These cyber security awareness email templates each have a corresponding on-the-spot training page. Build your email attack with drag-and-drop text, personal information placeholders, and image and video elements in our simple graphical interface. The editor also accepts HTML uploads for particularly convincing real-world scams, such as mimicking Office 365. These templates can then be scheduled and deployed in a phishing campaign alongside regular templates.
Measure Behaviour Change
With Hut Six’s learning management system (LMS), employers can assess and track the performance of staff in the campaigns. Hut Six’s comprehensive solution builds a security-aware culture by focusing on achieving meaningful behaviour change. Our dashboard displays comprehensive metrics, including open rates, click-through rates, submissions and attack types, measured across different user groups. Exportable phishing simulation reports show learning outcomes from the campaigns and can inform improvement over time.
Anti phishing training program
Security awareness training is part of any anti-phishing strategy. Phishing simulation vendors' training solutions can vary in their sophistication and focus on education. We recommend using the phishing attack simulator to augment your training activities. By educating your staff regularly with interactive and engaging tutorials, you help to improve compliance and reduce the risk of a successful cyber attack. Hut Six delivers an ongoing security awareness training program that covers all aspects of information and cyber security.
Ready to start building a secure culture within your organisation?
Start your Free Trial
Sign up for a free, 14-day trial. Experience the platform and show it to your team before making any decision with no payment details required.
Book a Meeting
Meet with one of our team for a walk through of our phishing email simulator and to help us gain an understanding of your security awareness requirements.
Our Successful Phishing Case Studies
Office for National Statistics
Jamee Davies, Information Security Systems Manager
IQE
“The Hut Six team have been amazing in their understanding of our needs as a business...”
Nigel Barge, IT Infrastructure Operations Manager
Getronics
“Hut Six removes the ‘boring’ from compliance without losing the importance of the message...”
Salvatore Baglieri, Head of Learning and Development
Hut Six's Phishing Simulation Tool
Features
- Real-time reporting and exportable PDFs per campaign
- Easily configurable phishing testing through the Hut Six wizard
- Consistently updated phishing attack template library
- Personal information placeholders allow you to simulate spear phishing at scale
- Multi-stage attacks which test the user and "steal" personal information
- Randomised email scheduling, automated accounting for time zones
- On-the-spot training for users who fall victim to the phishing attack
- Single Sign On (SSO), Active Directory Integration for user management
- Accessible across browsers and mobile compatible
- Phishing results reports across user groups and individuals
- Analysis of phishing risk by attack template and attack type