JellyPhish – Simulated Phishing Testing and Cyber Awareness Training

 The dangers of phishing and spear phishing

Phishing is the fraudulent practice of sending emails supposedly from a known or trusted sender in order to encourage targeted individuals to reveal confidential information.

Phishing is one of the biggest cyber threats to businesses, in fact, 91% of successful data breaches start with a phishing attack. Spear phishing takes these attempts one step further and specifically targets individuals with information gathered from multiple sources to make the attack as believable as possible.

End users are the largest, most vulnerable target of phishing attacks in most organisations. In real-world attacks, end users are relentlessly bombarded with phishing and socially engineered schemes.

What is JellyPhish?

JellyPhish is a simulated phishing and cyber awareness training platform , designed to help employees become more vigilant when opening emails that could potentially be malicious.

It is a ‘two sided’ product, where both parts, (testing and training) are just as important as each other. 

How does JellyPhish work? 

Summary: The process involves Pyranet Cyber Security Specialists sending simulated phishing attacks to your employees, which have been carefully crafted in order to seem like a genuine email. Reports of the test will be sent to the main contact. The main contact will be able to see who clicked on what. In response to the results, online training videos, webinars and useful information are available to raise employee awareness of phishing, spear phishing, spam and malware threats.

For example, we may send an email to a Manager, posing as the Accounts department regarding invoice queries.

Each simulated email will prompt the recipient to click on links and attachments and fill in information, as typically, malicious phishing attacks use this technique.

Trial Period : In the first instance, no employees will be informed about the simulated attack. This allows Pyranet to gauge an accurate picture of the vulnerability level of your network.

After this initial test, you will receive a report outlining how many people opened the email and how many people clicked on the links or attachments.

Simulated Phishing

During the reporting process, you will receive information, such as the table below, which shows a list of all the users that were sent the simulated phishing email. The table details the phish prone rate of each user, and other information such as whether they clicked on the links or opened attachments.

Simulated Phishing

For the employees that fail the test (determined by whether they click on links, attachments, enter information into a cloned web page etc.), they can be redirected to a landing page, which explains that the email was a phishing test or led to an error page so that, at least initially, they are unaware of the test.

There will then be an option for you to assign employees to certain online training programmes specified by the business.

spear phishing online training

 

Ongoing Training: After the trial period has ended, employees can be informed that they will be subject to regular testing at random intervals at the business’ discretion, as well as being part of the ongoing training. There are usually significant changes in the attitude towards phishing and spam emails once employees are determined not to be caught out!

Pyranet will deploy an Outlook add-in that enables users to report phishing emails with one click. Users will be congratulated for reporting simulated emails, while non-simulated emails will be forwarded to Pyranet for review.

As with the trial period, a report will be sent to a manager after each campaign, detailing the results of the test. The amount of people opening and clicking on the simulated phishing emails should drastically drop from the trial period, which in turn should also mean that the amount of people opening non-simulated phishing emails should also decrease.

If there are still users that click on links or attachments, there is the option for managers to receive alerts on the specific kinds of emails that the employee is finding difficulty with identifying as phishing, which then allows for specific training modules to be put in place for that employee.

What does the training cover?

The training element of the JellyPhish product is just as essential as the simulated phishing emails. All training is done online, making it easy and accessible for all users.

The online training modules specialize in making sure employees understand the mechanisms of spam, phishing, spear-phishing, malware and social engineering, and are able to apply this knowledge in their day-to-day job. You will get high quality web-based interactive training combined with common traps, live demonstration videos, short comprehension tests and scenario-based Danger Zone exercises to ensure that cyber security is always at the front of employee’s minds.

We are able to tailor training modules around your business and your users, making sure that people who may struggle with identifying certain kinds of threats are provided with the necessary resources to build on their knowledge. Training is intuitive, user friendly and contains modules suitable for all businesses, from financial controllers to patient record handlers.

 

How does this help my business?

This exercise helps you as a business owner to understand how vulnerable your company is to phishing attacks based on how many of your employees fall bait to the simulated phishing attack.

Alongside this the constant, ongoing training provided ensures that employees are kept up to date on the latest threats and that being the last line of defense is always on their mind. We can also automatically enroll new starters so that they are given training as required by the business.

All online training is fully audited and PCI DSS compliant as standard which covers the User Training aspect of PCI compliance.

In the long term, JellyPhish helps employees become more vigilant and aware of the emails and attachments they open, and understand when to report an email as a phishing attack, potentially saving your business thousands of pounds.

How can I enquire about JellyPhish?

Call a member of the team on 0115 8 24 25 26 and pressing option 2 for Sales.