Employee Simulated Phishing Campaign - What To Expect (2017 results)
21 September 2017 00:00
Maybe you've delved into the idea of running a simulated phishing campaign on your users? Well, from spear phishing to templated attacks, here's some of our findings to give you an idea of what to expect.
We recently ran a simulated spear phishing attack for an IT manager, where 16% of his staff gave away their passwords (luckily, we don't store them). Even though you may think 16% is a large number, the results were actually 10% lower than average for the sector.
From our internal research, we find templated attacks (Microsoft, Amazon & Gmail) get opened by 47% of staff, with 5% of people visiting the “Login Screen” and around less than around 1% falling for this type of attack.
Templated Attack (Microsoft, Amazon & Gmail):
(Below image) Landing page template addressed as "https://microloft.net"
With spear phishing, the open rate remains more or less the same, (48%) however the visits to the fake landing page is 36% (5 times higher) and the compromised rate shoot up to 26%.
Spear Phishing Campaign (CEO Message, Upcoming Merger)
Best times to send a phish:
The best time to send a phishing attack is actually on a Sunday Evening as compromised increases to around 30% and the worst time is Wednesday afternoon falls to around (21%)
Best Time To Send A Phish = Sunday Evening
Worst Time To Send A Phish = Wednesday Afternoon
Taking the plunge:
Whilst running a simulated phishing campaign your staff can be daunting, on average, when IT managers ran a second spear phishing attempt, the visited and compromised results dropped by 13% Visited and 9% Compromised.