Phishing attacks are still the most common way criminals attempt to launch a cyber-attack. The global ransomware attack WannaCry, which infected more than 200,000 computers including large parts of the NHS, originated from a simple phishing email.
The new platform, built by cloud hosting firm UKFast, allows employers to launch pre-built phishing campaigns to a set group of employees within an organisation, whether that’s an individual, a department or a geographic region.
The campaigns replicate some of the most commonly seen and most successful phishing attacks, with emails from the likes of Twitter, PayPal or even from individuals internally within the business.
The programme then provides a breakdown of which users opened the email, clicked the links and submitted data via the faked landing pages. Training materials and modules can then be delivered to employees failing to identify the emails as malicious.
UKFast CTO Neil Lathwood said: “Phishing is the place that most hackers start if they want to launch targeted attacks against a company. It's proven to be one of the best ways to gain more information from high-level employees, who tend to fall for it a lot. They are also the ones most likely to hold critical data.
“Often the employees that you'd expect to be savvy about phishing attacks are the ones who leave the door open.
“We’re seeing ever more inventive and sophisticated attacks. Hackers create fake email chains with apparent conversations between board members discussing a particular activity. The victim is then copied in at the end, with the supposed board members asking the employee to take an action, whether that's inadvertently uploading a malicious file by clicking a link within the email or making a payment to a bogus account.
“It's always the human element that is the weakest link in the chain. Phishing as a Service gives businesses the facility to test that link without incurring significant damage.”
156 million phishing emails are sent every day. Of the businesses and charities that suffered a cyber-breach or attack in the last year, 80% identified a phishing attack as the likely cause, making it the most common type of attack.