September 1, 2020

Why is it a good idea to send out internal phishing scam emails to test employees?

"I get enough emails already! I don't need Phishing Training..." Famous Last Words.

Cyber security is becoming more and more of a problem. With technology always adapting and growing it becomes easier for malicious users to get to you and your company files. Email Phishing scams have become a big part of the cyber security problem. Recently hackers discovered something. That it is easier to get someone to make a human error then it would be to break through an expensive firewall. Now they are targeting employee emails. These emails include things that look identical to a section or technology solution that your company uses. Or it just makes things up completely by sending out an email that you won a free cruise! Some of these Phishing scams are easier to spot then others.

Employees should always be ready for this. Always searching for a reason not to click through a link that they don’t feel is safe. Things come in the form of attachments, links, and look almost identical to the real thing. But don’t be fooled... look a little closer and you’ll see that a letter is missing in gmai1, or your IT team doesn’t know how to spell pas$word. These are common errors the phishing scams will have. But because we are getting better at spotting them, the people behind the scenes on the creating end are finding was to make them even more realistic. Making popup windows that you enter your username and password into. Mimicking the exact look and feel of your email signature. It gets pretty scary how real they can be. It doesn't take much research to find a company logo on google. 

So, now that your afraid of these email scams you are ready hear the solution. Sending out internal phishing scams! Many managed IT service providers have an option and highly recommend the option to opt-in to receiving “test” emails. This means you can click on it follow the link and get “caught” but instead of all of your companies banking information getting sent out to the world and the dark web... you get send a training video and a message saying, “This was a test!” I know what your thinking. Your company is already getting tons of emails every day! You don’t need more emails sent to trick your employees and waste their time. But that you see is the point! The goal is to make your employees so fed up with training videos, and emails coming in that they will see them. Intuitively know it’s a fake. And delete it. Then that person will share with the IT team to rub it in their faces that THEY didn’t fall for their silly tricks this time!

Employees in your company should be using unique passwords and two-factor authentication ~ John Harte, Service Manager at Skycomp 

This all creates a culture and awareness around these emails and makes everyone ready for it. Many sites and companies offer solutions for sending these emails. If you have ever worked for a college or university, you know what is up already. But for those who are just breaking into the world of cubicles get ready for the long boring training videos.

Or… show you company Skycomp Solutions videos. Going through everything you need to know about cybersecurity. 

View all articles

Stop worrying about IT.

If our team sounds like a good fit for your organization, we’d love the opportunity to show you how we can help.