Phishing Simulation
Why is the simulation carried out?
Industrial espionage and cybercrime cause annual losses of 223 billion euros in Germany alone. In the majority of cases, these attacks start with a phishing email that manipulates the recipient into clicking on dangerous links or attachments and thus allows the attackers access to sensitive company data or private information. To prevent such attacks from causing damage, it is therefore important to make all employees aware of the risks and correct handling of phishing e-mails.
What are the benefits of using the simulation?
The simulation helps you to detect harmful phishing emails in your work inbox and thus to protect yourself and your company from potentially great damage. You can also use the knowledge gained to reduce the risk of cyberattacks for yourself and your family. The tactics shown are often used for phishing attacks against individuals as well.
Are SoSafe's phishing emails dangerous in any way?
No, the e-mails are not dangerous, it is only a simulation. At no time are your personal/business data or end devices in danger. If you click on a link contained in one of our phishing emails, you will be taken to a learning page displayed in your browser. There you will find more detailed information about the simulation and, above all, concrete hints on how you could have identified this particular e-mail as a phishing attempt.
What should I do if a mail seems suspicious?
If your company has guidelines for handling spam and phishing emails, please follow them. Typically, you will contact your IT department, helpdesk, or service representative. From there you will be informed about the further procedure. If your company uses our Phishing Report Button (Microsoft Outlook add-in), all you have to do is click on it in Outlook and the email will be automatically forwarded to the right person/unit, depending on your organization’s settings. You will then also receive an immediate response in Outlook as to whether it was one of our phishing emails in the simulation or whether the email first needs to be analyzed by your company’s IT experts. Depending on your organization’s settings, the suspicious email will be deleted from your inbox or you can delete it manually. If you need the email again at a later time, you can contact your IT department, who can help you recover the email if necessary.
I have responded to one of the simulation's phishing emails. Will my response be forwarded to SoSafe?
Yes, these emails are received by our servers. However, they are immediately made completely anonymous and they are not assignable to any person. It is simply automatically evaluated whether a response was sent and whether it was a technical response (automatically generated by your mail server), an automatic absence note, or an actual response.
Your employer is notified of how many of the phishing emails were answered in total. However, they do not get any insight into the content of the answers or which user replied to the emails.
What happens if I have accidentally revealed my password information?
Some of our phishing emails will take you to a specially prepared website where, for example, you will be asked for your Windows password. No matter what you enter into the fields, we do not keep these data. You thus have nothing to worry about. Our server only registers that data have been entered. As part of the evaluation of the phishing simulation, your employer receives information as to how many of these input fields were filled during the simulation. It is not possible to trace which employee entered the data. No conclusions are drawn concerning individuals’ behavior.
However, it is generally recommended that you change your password immediately should you suspect that a real input screen you were using has been manipulated.
However, our simulated phishing websites with input screens are completely safe. It is not possible to enter passwords on these screens. You need not worry about your password falling into the wrong hands through our phishing simulation.