Today, we’re excited to unveil the newest feature in PhishDeck, Target and List data export.
The name suggests how simple this new feature really is – in addition to the already existing Campaign results export, you can now also export Target and List data in both CSV and JSON. The new data export features in PhishDeck allow you to easily export per-Target or per-List data for further analysis using spreadsheet applications, or any other application or bespoke script that accepts CSV or JSON input.
Humans aren’t great with passwords – specifically, in creating strong, random, unique passwords and keeping them private. This leads to issues ranging from account takeovers (when an attacker takes control of a victim’s account by obtaining their password), to financial scams and identity theft (when goods or services are bought or sold using a stolen identity), to data breaches and other security incidents.
The truth is that we suck at passwords because passwords are, in many ways, flawed.
Phishing simulation, also referred to as a phishing test, is used to test how susceptible an organization is to phishing. More importantly, phishing simulation allows organizations to prepare how to respond in the event of a real attack. Phishing simulation typically involves recipients, or targets, within an organization receiving a simulated phishing email that is intended to mimic a real phishing attack.
Typically, like real phishing emails, phishing simulation emails are intended to trick their target into performing some action at the request of an attacker.
Two-factor authentication, commonly shortened to 2FA, or referred to as two-step verification, dual-factor authentication or multi-factor authentication, refers to the process whereby users are asked to verify their identity using more than one (typically two) authentication factor. The purpose of using two-factor authentication is to prevent an attacker who has compromised a user’s password from being able to log into an account – the attacker will need to get past the second factor of authentication in order to successfully log in, drastically reducing the chances of the user’s account being taken over.
Advanced phishing attacks are becoming increasingly commonplace with tools that allow attackers to harvest credentials, bypass Two-factor authentication (2FA), as well as run automated post-exploit scripts the instant you enter your credentials. This post takes a look at our journey towards releasing Phinn, the real-time phishing simulation proxy that sits at the core of the PhishDeck phishing simulation platform.
The Problem
In recent years we have seen a dramatic surge and shift in the phishing landscape that we have not seen in a very long time.
For better or for worse, passwords play an integral role in authenticating us in almost every conceivable application we use. Whether it’s logging onto your computer, checking your email or using a CRM, chances are you needed to enter a combination of a username/email address and a password, often referred to as credentials.
The combination of a username and a password is important – a username alone is incomplete without a password and vice versa.
Business Email Compromise (BEC), sometimes also referred to as “CEO Fraud”, is nothing but a modern twist on the financial scams of old. Cybercriminals engaging in BEC attacks rely on social engineering techniques such as phishing and spear-phishing, sometimes combined with credential harvesting and other attack patterns, to masquerade as an important company figure requesting information or the completion of an action by a lower-level employee.
At its heart, Business Email Compromise (BEC) is a deception game.
Testing your company’s susceptibility to phishing isn’t something you can put off anymore. PhishDeck does phishing simulation quickly and effectively.
iGaming B2B provider and industry titan Gaming Innovation Group (GiG) has been using PhishDeck to simulate advanced phishing campaigns since the beginning of 2019.
Gaming Innovation Group (GiG) is a leading iGaming technology company, providing solutions, products and services to iGaming Operators. Founded in 2012, Gaming Innovation Group’s vision is ‘To be the industry-leading platform and media provider delivering world-class solutions to our iGaming partners and their customers’.
Spearphishing is a type of phishing attack which is targeted towards a specific individual, group of individuals or business as opposed to mass-phishing campaigns that target thousands of victims. Spearphishing emails are often designed to steal specific data, or install malware on the target’s computer or device.
Spear phishing attacks are not usually initiated by random cybercriminals, but rather, are more specific to the victim, and are more likely to be conducted by cybercriminals seeking financial and intellectual property gain.
Social engineering refers to a broad range of malicious methods of tricking, manipulating and exploiting people into performing actions or divulging sensitive information they otherwise wouldn’t.
Rather than breaking into a system through the use of a technical flaw, a social engineer would use techniques such as phishing or spear-phishing to lure their target into completing their desired action.
Social engineering attacks can be either targeted towards a specific individual or generic.