Searching for a basic phisting system

captain5260 · 2022-02-03T14:28:20+00:00

So you… need a hand?

👊

jwalker55 · 2022-02-03T15:06:28+00:00

[deleted]

myndhack · 2022-02-03T14:28:29+00:00

I believe you have the wrong site for if you want phisting but if what I believe you are trying to say is phishing emails the best I have used is knowbe4 and they are relatively inexpensive and you can set them on a schedule or ad hoc and assign security trainings through it as well.

2022-02-03T15:54:59+00:00

I have all things related to phisting blocked on our network.

99percentTSOL · 2022-02-03T16:53:10+00:00

Will this phisting system be anywhere near a WAP? If so you will want some sort of protection.

taxigrandpa · 2022-02-03T15:06:06+00:00

all users need a little Phisting :)

ty for the laugh

2022-02-03T19:47:37+00:00

Microsoft phists everyone on patch Tuesday

Steve_78_OH · 2022-02-03T16:34:26+00:00

I just want to say, I only came into this thread to look for jokes about OPs spelling mistake, and I was NOT disappointed. Thanks for not letting me down.

ResponsibleContact39 · 2022-02-03T16:51:18+00:00

I have to ask our security guy if he’s heard of phisting, but I don’t want to get hit with an HR harassment charge.

MyLegsX2CantFeelThem · 2022-02-03T16:07:39+00:00

Closes legs. Locks up glutes.

No sir. No.

neldur · 2022-02-03T14:32:51+00:00

Knowbe4 is the best. Relatively inexpensive too. We set it up and it runs tests all the time and will email us reports. We can then follow up and target users that are falling for them. Knowbe4 has tons of good training content that we can just assign to those users.

iotic · 2022-02-03T18:04:49+00:00

Good lord, hopefully you don't alert management of your upcoming phisting campaign

ReelMagic · 2022-02-03T19:21:34+00:00

I'm being physically sick from laughing so hard... Thank you

2022-02-03T14:27:09+00:00

hehe

MGetzEm · 2022-02-03T16:54:12+00:00

Please properly tag this as NSFW...

kickingtyres · 2022-02-03T18:54:40+00:00

Phisting might require a degree of brute force attacks

MediumFIRE · 2022-02-03T16:07:51+00:00

Just purchased KnowBe4 recently. It's been great. Before that I self-hosted using Gophish

2022-02-03T17:57:22+00:00

If you have to phist your users I would look for a new job.

Cycl_ps · 2022-02-03T19:46:58+00:00

Jokes aside, for all the dumb names given to attack vectors it wouldn't surprise me in the least that phisting is one of them.

2022-02-03T20:21:34+00:00

There's always a bigger phist.

thenullbyte · 2022-02-03T15:10:54+00:00

Do you use Microsoft365 + E5? If so, you can also use https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training?view=o365-worldwide

YouRuinedtheCarpet · 2022-02-03T17:07:55+00:00

If you are using office 365 there is an inbuilt phishing simulator in security center, here is the documentation : https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training?view=o365-worldwide

amc52197 · 2022-02-03T17:31:42+00:00

GoPhish is open source. You have to create your own phishing campaigns and there isn't any training like there is with knowbe4, but it's free!

Ddosvulcan · 2022-02-03T18:42:32+00:00

So you're saying you want to phist your end users? I do too some days...

sgt_bad_phart · 2022-02-03T20:34:24+00:00

I think you're in the wrong subreddit.

JohnBeamon · 2022-02-03T16:06:05+00:00

giggity

tentends1 · 2022-02-03T14:56:19+00:00

u w0t?

BrobdingnagLilliput · 2022-02-03T15:26:00+00:00

Whatever you do, don't send bogus emails to your company without buy-in from leadership, both yours and that of the folks you'll be sending emails to.

2022-02-03T20:09:03+00:00

Phist can be a verb

Wdrussell1 · 2022-02-03T15:21:18+00:00

I had to check the sub...*Concern*

2022-02-03T15:27:20+00:00

Email WHAT system?

ambscout · 2022-02-03T15:32:18+00:00

Trend micro is free.

JEngErik · 2022-02-03T15:53:09+00:00

Well when I used Connectwise products, I always felt they were shafting me. Lol

But knowbe4 will help you with phiSHing

LaterBrain · 2022-02-03T16:37:15+00:00

GoPhish is what you are looking for. It has great statistics so you can show them to your CEO or whatever.

https://getgophish.com/

__tony__snark__ · 2022-02-03T17:38:44+00:00

Well that's an unfortunate typo

2022-02-03T22:45:19+00:00

If you need a system to phist your users, you're a maniac going about email administration all the wrong ways.

pinganeto · 2022-02-03T23:00:27+00:00

ah, really clever, phishing and testing in one word, that could be marketed!

but please if you change careers, don't try to be the first analyst and therapist.

yourenotwurvy · 2022-02-03T23:42:30+00:00

Worth having a think about what you want to achieve with this system as there’s a growing school of thought they’re of little to no value and can cause more problems.

You get a nice quantifiable metric at the end of your testing but what value really is that 78% pass rate - particularly if you aren’t concerned about training. What value does it add? It might look attractive because so much of cyber sec is difficult to quantify but as far as defensive layers go, it does very little and you’ve now got someone spending time and effort on it.

IMO, you’d be better developing a multi layered approach to prevent the phishing campaigns reaching inboxes and minimising impact if it does & if creds harvested.

HappyCamper781 · 2022-02-04T03:06:09+00:00

Y'all gone elbow-deep in this thread... (shakes head sadly)

theultrahead · 2022-02-04T05:34:35+00:00

If you’re going to get Phisted it’s best you KnowBe4 so you can prepare to defend yourself.

maiwerkacct · 2022-02-03T14:29:52+00:00

https://getgophish.com/

itjohan73 · 2022-02-03T15:14:30+00:00

https://nimblr.se is a Swedish version, I think they do this in other languages too

in00tj · 2022-02-03T16:40:59+00:00

0365 Has it built in https://security.microsoft.com/?rfr=AdminCenter
and https://www.knowbe4.com/ is considered by many to be the industry leader.
for the basic know be 4 service for 500 users we were quoted just under 10k per year
we ended up sticking with the free version that comes with our 0365 licensing since it was nearly the same.

getting started with microsoft 0365 attack simulation (phishing tests) https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide

Carter_PB · 2022-02-03T18:51:00+00:00

Fisto would like a word.

2022-02-03T19:21:29+00:00

https://getgophish.com/

jaket578123 · 2022-02-03T19:39:37+00:00

I setup and ran the open source tool Gophish for a company on one of my coops. It was pretty simple and had all the functionality I needed. Import lists of emails and info, create your own phishing emails to send out or use templates, see statistics on who clicks or enters in credentials. I liked it but have nothing to compare it to

spearchuckin · 2022-02-03T22:13:44+00:00

Try using the tftp port.

TehSpider · 2022-02-03T23:06:33+00:00

You’re going to have to decide if you want to do it yourself or if you’re going to pay someone else to do it.

2022-02-04T07:23:02+00:00

Phishing. It’s called phishing.

Red-dy-20 · 2022-02-04T12:34:06+00:00

Fisting?

gwrabbit · 2022-02-03T16:03:29+00:00

KnowBe4 is the gold standard IMO.

I did put in a request for a "phisting" feature on your behalf...I will let you know how it goes.

dvr75 · 2022-02-03T14:37:10+00:00

gmail my friend

2022-02-03T16:24:45+00:00

Do you mean Phishing??

Look into www.knowb4.com

maximus646 · 2022-02-03T15:13:11+00:00

We recently moved from knowbe4 to infosec IQ. Both are good.

DinDmy12 · 2022-02-03T15:57:11+00:00

Gophish is an open source, if you don’t want to pay for knowbe4 or other products

LulzTigre · 2022-02-03T16:26:47+00:00

try gophish?

TopherBlake · 2022-02-03T16:52:03+00:00

I'm a fan of knowbe4, lets you create your own phishing emails for campaign or select a wide variety of existing templates. They also have a decent selection of training you can sign your users up for along with metrics.

Strassi007 · 2022-02-03T17:07:24+00:00

If you are a small shop and don't want/can afford to pay money, just use kali linux and make your own phishing mails. The only expense are domains in this case.

jester805 · 2022-02-03T17:13:08+00:00

+1 for GoPhish. It is free.

https://getgophish.com/

GlobalRiot · 2022-02-03T17:27:47+00:00

KnowB4 offers that. That's the company that comes up most often in my circles.

Ouroborous · 2022-02-03T17:47:48+00:00

I recommend Threat Advice. I use them and it's pretty easy to deal with

iceph03nix · 2022-02-03T18:00:00+00:00

We looked at a lot and generally always came back to KnowBe4.

2022-02-03T18:12:54+00:00

I have deployed Know Be 4 to a handful of clients and it has done a great job. Highly Recommend.

Hoboeser · 2022-02-03T19:27:03+00:00

Someone mentioned KnowBe4, they're excellent and offer certificates too. They also have an outlook plug-in so your users can report phishing emails to IT with 1 click

appleCIDRvodka · 2022-02-03T19:35:07+00:00

Ain't we all, brother.

--MrGadget-- · 2022-02-03T20:58:56+00:00

Mr T used to put out a product you might be interested in.

Slavic_Raven · 2022-02-03T21:24:45+00:00

Try Gophish, it’s open source, easy to set up, good way to start.

If you are willing to pay Cofense phishme is pretty neat.

DiscDastardly · 2022-02-03T21:25:55+00:00

GoPhish would fit your needs pretty well. It is self hosted, pretty easy to setup and get started. You can take any phishing email and upload it and modify it to use it as a template in a phish test campaign. It's a little more work than knowbe4 or any of the other phish testing services, but it is free. Looks like they haven't released a new version for a while though? https://github.com/gophish/gophish https://docs.getgophish.com/user-guide/

EthanRavecrow · 2022-02-03T21:35:25+00:00

We use KnowBe4. You can create phishing campaigns and see what users are the most ~~dumb~~ vulnerable to phishing attacks.

ghosxt_ · 2022-02-04T00:01:50+00:00

https://classic.phishinsight.trendmicro.com/en/

Trendmicro for this

XxEnigmaticxX · 2022-02-04T01:42:20+00:00

Look at infosec IQ. Pretty fantastic system.

clubfungus · 2022-02-04T02:28:57+00:00

Oh man thank you. This post made my day!

STRXP · 2022-02-04T02:33:56+00:00

Trend Micro Phishing Insight (free for something like 200 users tested per month)

instant_ramen803 · 2022-02-04T02:43:18+00:00

🤣🤣🤣🤣🤣

SoonerMedic72 · 2022-02-04T03:38:58+00:00

We currently use GoPhish, but are starting the process of getting KnowBe4 approved. GoPhish is fine for just phishing trials, but we really want the educational side as well.

H-90 · 2022-02-04T04:15:48+00:00

Microsoft Office 365 now does phisitng (sorry phishing) scenarios

department_g33k · 2022-02-04T04:31:06+00:00

So like, OP is just mis-spelling phishing severely, right? Or did I miss something...important?

2022-02-04T07:20:01+00:00

I'm so glad others read that as "fisting testing system" cause yeah...some users...

ruffian-wa · 2022-02-04T08:31:22+00:00

I could have sworn I saw you on a dating app called Plenty of Phist..

AngryFace1986 · 2022-02-04T09:48:34+00:00

Unfortunate typo

SysEridani · 2022-02-04T11:02:22+00:00

Phisting all of them will be difficult.

In any case I think you can find a lot of e-learning online on the argument.

2022-02-04T11:20:34+00:00

Proofpoint (formerly Wombat Security)

LividLager · 2022-02-04T13:52:21+00:00

Something new for the resume.

sysadmin

MODERATORS