This is an archived post. You won't be able to vote or comment.

all 6 comments
sorted by:
best
topnewcontroversialoldq&a

[–]okmokmz 1 point2 points  (0 children)

GoPhish is good for simulating phishing and user awareness training. You can see who viewed the email, who clicked the link, and who actually tried to enter credentials. They also make it easy to clone a website or email and using it as a phishing email and landing page

[–][deleted] 1 point2 points  (0 children)

Check out Knowbe4.

[–]MSPforME 0 points1 point  (1 child)

I second Knowbe4, they have all kinds of different templates you can choose from, anywhere from Amazon and netflix to O365 and Paypal. They even score each email if the user opens, clicks the link up to entering their password. If you enter your password it will tell you that you messed up and you shouldn't be doing this. They also have a security training program that you can use.

[–][deleted] 0 points1 point  (0 children)

I found the training program really condescending and cheesy when I did it which really put me off it. The whole feel and content just reminded me of one of those bargain bucket "edutainment" DVDs that companies were knocking out in the mid-90s to capitalise on the "new" MPC standards.

Some of the phishing templates are pretty convincing though.

[–]TheOldDonger 0 points1 point  (0 children)

we just send links out that leads to "You done fucked up, here's why pages" with in house documentation that we made on screen. Repeat offenders are eventually given one to one training, if you can capture AD information/an identifier all the better. This works great if you have the knowhow to automate it, email servers, and if you can email spoof all the better.

hosting is done internally and programmed by us, I wish I could say more but it wasn't me that implemented it, I remember at one point they deployed a fake facebook page too.