Phish your employees for fun! presented at GrrCon 2016

by Kristoffer Marshall

Summary: 2015 was the milestone year companies started realizing that IT security is no longer a suggestion, but mandatory to stay in business. All of the SIEM tools, antivirus, firewalls, IDS, man traps, video cameras, and policies won’t protect you from your biggest vulnerability – your employees. Anti-phishing education can be fun, and you can do it too with a little know-how and a cheap server. This is a technical discussion on how to be the bad guy for a minute to demonstrate how real the threat of social engineering is. This is one step toward educating your organization in security awareness, and it can be fun, engaging, and competitive for the end users. Phish your own employees before someone else does and everyone learns a lesson the hard way.