Test Inspiration: The phishing email for this test was crafted to resemble an official communication from Delta Airlines, leveraging the recent disruptions caused by the CrowdStrike outage on July 19, which impacted Delta’s flight operations. Delta had publicly announced efforts to make things right for affected customers, including offering travel waivers and vouchers. Phishing Email […]
Author Archives: zmiddlet
Anatomy of a Phish: July 2024 Phishing Simulation
Test Inspiration: Recently, the University System of Georgia experienced a surge in cybersecurity attacks targeting employee pay through direct deposits. Cybercriminals used phishing emails to obtain credentials and DUO codes, allowing them to alter direct deposit information and cause financial loss. Employees affected by such fraud are advised to report the theft to law enforcement, […]
Anatomy of a Phish: May 2024 Phishing Simulation
Test Inspiration: In early 2023, Cloudflare detected and blocked a phishing campaign leveraging the Microsoft brand in an attempt to harvest credentials through a legitimate — but compromised — site. Phishing Email Context: The phishing email designed for this test mimicked an official Microsoft password expiration notification. It used a personalization messaging such as the […]
Anatomy of a Phish: April 2024 Phishing Simulation
Test Inspiration: This simple phishing email was inspired from one that I have used in my personal studies. This is a very generic email that attempts to get the user open a malicious attachment. In the attachment, I have created a macro that will execute a malicious payload that open a connection back to an […]
Anatomy of a Phish: March 2024 Phishing Simulation
Test Inspiration: As the April tax filing deadline in the US approached, March witnessed a significant uptick in phishing emails impersonating the IRS. This trend was not isolated to the US alone. The end of the global fiscal year saw similar impersonation attempts targeting HM Revenue and Customs in the UK, as well as other […]
Anatomy of a Phish: February 2024 Phishing Simulation
Test Inspiration: RingCentral, similar to platforms like Teams or Slack, is a renowned communications tool. Its widespread use in the business sector makes it familiar to many professionals, and thus, an attractive target for cybercriminals. Attackers often craft emails with stylized HTML designs that resemble genuine RingCentral notifications. A common bait is to alert the […]
PII Refresher
Personally identifiable information, or PII, is a common term associated with data privacy regulations. While “PII” is specific to the United States (other countries call it personal data or simply personal information), the concept of what PII is and why it’s so important translates globally. Here’s what you need to know: PII includes many types […]
Why Policies Matter
If work-related security concepts were given a slogan, it would probably be “always follow policy.” In fact, you’ve probably encountered that statement many times, and for good reason. Policies are created to keep data, systems, and people safe. Without clearly defined policies, organizations would struggle to maintain security. They would also struggle to adhere to […]
Maintaining Your Digital Well-being
Developing good habits in life is the key to strong physical and mental health. Research shows that people who regularly eat healthy foods and exercise are generally happier. A commitment to those habits (and many others) can be challenging, but it’s a fundamental part of living a fulfilling life. Similarly, you can take actions that […]
Anatomy of a Phish: January 2024 Phishing Simulation
Test Inspiration: In February 2022, ‘alias impersonation’ attacks surged, making up approximately 32.2% of all cyber incidents. These attacks heavily utilize social engineering, creating a sense of urgency in their targets. This urgency often drives individuals to take actions like clicking links, opening attachments, or hastily responding to messages. Phishing Email Context: The phishing email […]