So many successful attacks begin with a phishing campaign, which may be targeted at your specific organization or at a broader target set. In fact, at least 1/3 of all breaches involve phishing and 94% of malware is delivered by email. Combating such attacks is a technical challenge that encompasses email, endpoint and network security, but equally important are your user base’s susceptibility to social engineering and their awareness of phishing.
If you can stop an attack at the phishing stage, you are nipping it in the bud before it ever really gets off the ground. So, it pays to know how resilient you are on both levels.
Fortunately, there is an awesome open source toolkit, Gophish, designed to help you easily run well-designed phishing campaigns and quantify their “success”. You can choose which groups of users in your organization to target, send them to a landing page such as a login portal, and even measure your stolen credentials.
In this real training for free event we will show you how to set up Gophish and how to run a campaign in six steps:
- Configuring the sending profile - the mail server
- Choosing users & groups - who receives the phishes
- Editing email template - the email users receive
- Customizing the landing page - usually a log-in page
- Launching the campaign
- Monitoring the campaign results on the dashboard
Since phishing is social engineering, we will also discuss important human factors, such as:
- How to make the phishing email compelling
- Using open-source intelligence (OSINT) to craft your email – imitating the bad guys
- How believable should the phish be? Is there such a thing as too good?
We will talk about varying levels of difficulty ranging from:
- Free gold scam
- Sales deals/coupons
- Problem with account
- HR policy updates
- Problem with paychecks/bonus
Rapid7 is our sponsor, and Rapid7’s Senior Security Consultant, Patrick Laverty, will demonstrate Gophish during this hands-on, technical real training for free session. Then a solutions engineer will briefly show you how Rapid7’s technology, InsightIDR, can help protect you from phishing attacks.
Please join us for this real training for free session.