Friday, February 29, 2008

Phish Me

Last night's NOVASec meeting was an interesting affair. After the presentation by Stratum Security, there was a lively discussion about targeted attacks and how unprepared many organizations are in facing this threat. Intrepidus Group founder Aaron Higbee introduced me to his phishme.com site. Looking over the service, it delivers an essential user training and social engineering testing function by allowing the penetration tester to develop custom targeted emails against a client. It tracks the deliveries, who opens the emails and who clicks the baited links inside, generating a graphical report for delivery to management. This is a great way to gauge the effectiveness of user awareness training programs and identify susceptible users that need retraining. Great product, Intrepidus!

No comments: