Say Cheeese!

You have been phished!


Oh snap! We just successfully performed a phishing attack...

Because we can

Cool huh? Ok, enough teasing around..

Go to your email client and send an email to your IT team with the subject "You win" to learn more about what just happened.

What is Phishing?

Phishing attacks are a cybercriminals most effective way to gain access to devices and accounts.

They can be simple or complex.

Any platform can be used in phishing scams.
Email, texting, Facebook, Linked-In, phone call, website, you name it and there is a way to use it in a phishing scam.

The Basics

Cybercriminals use human nature to trick their target.

Many cybercriminals "do their homework" before they start their attack.

This "homework" often involves researching the company and employees in the company.

They use the information found to impersonate key people in the company or create a scenario where they seem like a legitimate person/company to continue interacting with.

Sometimes cybercriminals compromise an external account and use it to gain trust or access with their target.

How do I prevent this from happeneing?

Key points to mitigate email/phishing scams:

  • Do not trust the source of the email. Always verify the email address.

  • Verify the source, destination, and authorization before sending or receiving funds.

  • Try not to click links in emails without verifying where they go.
    If you are going to a financial institution, it is better to go to a web browser and type the URL for the home page.

  • Beware of email attachments.
    If you have even a split second of doubt about the email, don't open the attachment.
    Try to verify the source if possible or have IT inspect the email/attachment.