In April 2025, we conducted another phishing test to evaluate our organization’s resilience against phishing attacks. This test was one of the more challenging tests we have sent, yet it provided valuable insights into our cybersecurity awareness. Out of 512 recipients, 178 failures occurred from the phishing test. We are incredibly thankful to the 103 […]
Author Archives: zmiddlet
Anatomy of a Phish: March 2025 Phishing Simulation
In March 2025, we conducted another phishing test to evaluate our organization’s resilience against phishing attacks. This test was particularly challenging, yet it provided valuable insights into our cybersecurity awareness. Out of 507 recipients, 64 failures occurred from the phishing test. We are incredibly thankful to the 165 individuals who reported the phishing email. The […]
Anatomy of a Phish: February 2025 Phishing Simulation
Last February, we conducted a phishing test to assess our organization’s vulnerability to phishing attacks. Out of 507 recipients, 110 failures unfortunately occurred for the phishing attempt. This test was crucial in highlighting the importance of being vigilant and recognizing the common red flags in phishing emails. We are incredibly thankful to the 141 individuals […]
Anatomy of a Phish: January 2025 Phishing Simulation
In January 2025, we conducted another phishing test to evaluate our organization’s resilience against phishing attacks. This test provided valuable insights into our cybersecurity awareness. Out of 491 recipients, 26 failures occurred for the phishing attempt. We are incredibly thankful to the 218 individuals who reported the phishing email. The first report came in just […]
Anatomy of a Phish: August 2024 Phishing Simulation
Test Inspiration: The phishing email for this test was crafted to resemble an official communication from Delta Airlines, leveraging the recent disruptions caused by the CrowdStrike outage on July 19, which impacted Delta’s flight operations. Delta had publicly announced efforts to make things right for affected customers, including offering travel waivers and vouchers. Phishing Email […]
Anatomy of a Phish: July 2024 Phishing Simulation
Test Inspiration: Recently, the University System of Georgia experienced a surge in cybersecurity attacks targeting employee pay through direct deposits. Cybercriminals used phishing emails to obtain credentials and DUO codes, allowing them to alter direct deposit information and cause financial loss. Employees affected by such fraud are advised to report the theft to law enforcement, […]
Anatomy of a Phish: May 2024 Phishing Simulation
Test Inspiration: In early 2023, Cloudflare detected and blocked a phishing campaign leveraging the Microsoft brand in an attempt to harvest credentials through a legitimate — but compromised — site. Phishing Email Context: The phishing email designed for this test mimicked an official Microsoft password expiration notification. It used a personalization messaging such as the […]
Anatomy of a Phish: April 2024 Phishing Simulation
Test Inspiration: This simple phishing email was inspired from one that I have used in my personal studies. This is a very generic email that attempts to get the user open a malicious attachment. In the attachment, I have created a macro that will execute a malicious payload that open a connection back to an […]
Anatomy of a Phish: March 2024 Phishing Simulation
Test Inspiration: As the April tax filing deadline in the US approached, March witnessed a significant uptick in phishing emails impersonating the IRS. This trend was not isolated to the US alone. The end of the global fiscal year saw similar impersonation attempts targeting HM Revenue and Customs in the UK, as well as other […]
Anatomy of a Phish: February 2024 Phishing Simulation
Test Inspiration: RingCentral, similar to platforms like Teams or Slack, is a renowned communications tool. Its widespread use in the business sector makes it familiar to many professionals, and thus, an attractive target for cybercriminals. Attackers often craft emails with stylized HTML designs that resemble genuine RingCentral notifications. A common bait is to alert the […]