MENU

This website uses cookies to ensure you get the best experience on our website. Learn More

Employee Simulated Phishing Campaign - What To Expect (2017 results)

21 September 2017 00:00

Maybe you've delved into the idea of running a simulated phishing campaign on your users? Well, from spear phishing to templated attacks, here's some of our findings to give you an idea of what to expect.

Close up image of people inspecting simulated phishing reports, including graphs and figures

We recently ran a simulated spear phishing attack for an IT manager, where 16% of his staff gave away their passwords (luckily, we don't store them). Even though you may think 16% is a large number, the results were actually 10% lower than average for the sector.

From our internal research, we find templated attacks (Microsoft, Amazon & Gmail) get opened by 47% of staff, with 5% of people visiting the “Login Screen” and around less than around 1% falling for this type of attack.

Templated Attack (Microsoft, Amazon & Gmail):

Results of template attack

(Below image) Landing page template addressed as "https://microloft.net"

With spear phishing, the open rate remains more or less the same, (48%) however the visits to the fake landing page is 36% (5 times higher) and the compromised rate shoot up to 26%.


Spear Phishing Campaign (CEO Message, Upcoming Merger)

Results of spear phishing attack
 

Best times to send a phish:

The best time to send a phishing attack is actually on a Sunday Evening as compromised increases to around 30% and the worst time is Wednesday afternoon falls to around (21%)

Best Time To Send A Phish = Sunday Evening

Worst Time To Send A Phish = Wednesday Afternoon

Taking the plunge:

Whilst running a simulated phishing campaign your staff can be daunting, on average, when IT managers ran a second spear phishing attempt, the visited and compromised results dropped by 13% Visited and 9% Compromised. 


 

Subscribe To Our Blog