Boost Phishing Resilience With SecurityIQ Phishy Domains
January 3, 2018
Verizon’s latest data breach report shows 43% of data breaches stem from phishing attacks. It also reports large increases in ransomware and social engineering, especially in finance and healthcare.
Other major security studies raise further alarm: According to a new study from Google, most phishing victims are unaware their accounts are at risk — up to 25% continue to use their credentials following a breach.
It’s clear the phishing threat is here to stay and that many users are not prepared to fight this growing vulnerability. Fortunately, SecurityIQ’s new Phishy Domains feature can prepare your team for even the trickiest of attacks.
What are Phishy Domains?
Phishy Domains let you send phishing simulations to your team from any available domain and TLD. This prepares your employees for one of the most effective phishing methods used by hackers: typosquatting.
Typosquatting occurs when hackers register domain names similar to trusted sites but with slightly different spellings. These websites are then used in phishing attacks to trick users into entering credentials or installing malware. Examples of typosquatting include:
- Infosecinsttute.com (correct address is infosecinstitute.com)
- Resourcess.infosecinstitute.com (correct address is resources.infosecinstitute.com)
- Securitylq.infosecinstitute.com (correct address is Securityiq.infosecinstitute.com)
SecurityIQ’s Phishy Domains are fully registered and functional. Once registered, you can use these domains to launch data-entry, drive-by or attachment phishing simulations. We recommend registering several variations of your organization’s own domain. This will increase the difficulty of your simulations and also protect your organization from similar phishing attacks in the future.
What Happens if Employees Fail the Simulation?
If your employees fail a simulation, SecurityIQ displays the same email, with phishing indicators, in their browser. Indicators explain exactly what they missed — in this case, a suspicious domain — in the teachable moment.
Employee performance is logged in SecurityIQ and used to personalize future trainings. This means everyone on your team will receive a 1:1 security awareness training experience tailored to their individual security aptitude.
SecurityIQ integrates security awareness training, phishing simulations and personalized learning in one platform to drop organizational phishing susceptibility rates and motivate behavioral change.