The pitfalls of using attacker impersonation methods
The value of performing live phishing tests relies on using impersonation the way attackers do. Live simulations have several limitations in this area that reduce their value for your security program.
Here are some key pitfalls I’ve discovered when using live tests to impersonate attackers:
1. Impersonating external entities (i.e., major brands or services) should not be spoofed without permission
2. Internal entities (e.g., service desk, payroll, HR) also do not appreciate being impersonated without their consultation
3. Internal entities almost always resist, or want to schedule the test for “a more convenient time”
When our phishing assessments face administrative and logistical barriers, they become a headache for IT Security managers. Or even worse, attackers know that there may be less testing on “operationally sensitive” parts of the organization, because of this.
[/et_pb_text][/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_image src=”https://clickarmor.ca/wp-content/uploads/2023/12/unsplashimage-17.png” alt=”Photo of a fish hook on a laptop to represent live phishing tests” title_text=”unsplashimage (17)” align=”center” _builder_version=”4.23.1″ _module_preset=”default” module_alignment=”center” hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″][/et_pb_image][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″]Image by Mohamed Hassan from Pixabay
[/et_pb_text][et_pb_cta title=”It’s been a “super-fantastic” experience to see people learning and talking about security threats.” button_url=”https://clickarmor.ca/quick-start-bundle-gamified-security-awareness-training-and-engagement/” button_text=”Start Your 6-Week Quick Start Bundle Now” _builder_version=”4.16″ _module_preset=”default” locked=”off” global_colors_info=”{}”]For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges. (Limited time offer. Normally valued at $999 USD)
Use Promo Code: 6WEEKS
[/et_pb_cta][/et_pb_column][/et_pb_row][et_pb_row _builder_version=”4.16″ custom_padding=”8px|||||” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_text _builder_version=”4.17.6″ text_font_size=”20px” text_line_height=”1.8em” header_2_line_height=”1.4em” min_height=”8px” custom_margin=”-20px|||||” custom_padding=”22px||0px|||” global_colors_info=”{}”]So, when our testing scope becomes reduced due to inability to impersonate the attackers’ methods, live tests lose their value. We get more value from using methods that can cover attacker impersonation scenarios with fewer headaches, more efficiently.
[/et_pb_text][et_pb_button button_url=”https://clickarmor.ca/trial” button_text=”Book a free trial of Click Armor to start strengthening your security culture” button_alignment=”center” _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}”][/et_pb_button][et_pb_text _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}”]
Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.
[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version=”4.16″ global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_post_nav prev_text=”Previous Post” next_text=”Next Post” _builder_version=”4.16″ title_text_color=”#ffffff” background_color=”rgba(14,79,136,0.68)” custom_padding=”5px|10px|5px|10px|true|true” border_radii=”on|4px|4px|4px|4px” border_width_all=”1px” global_colors_info=”{}”][/et_pb_post_nav][/et_pb_column][/et_pb_row][/et_pb_section]