Employee Simulated Phishing Campaign - What To Expect (2017 results)
21 September 2017 00:00
Maybe you've delved into the idea of running a simulated phishing campaign on your users? Well, from spear phishing emails to templated attacks, here's some of our findings to give you an idea of what to expect.
We recently ran a simulated spear phishing attack for an IT manager, where 16% of his staff gave away their passwords (luckily, we don't store them). Even though you may think 16% is a large number, the results were actually 10% lower than average for the sector.
From our internal research, we find templated attacks (Microsoft, Amazon & Gmail) get opened by 47% of staff, with 5% of people visiting the “Login Screen” and around less than around 1% falling for this type of attack.
Templated Attack (Microsoft, Amazon & Gmail):
(Below image) Landing page template addressed as "https://microloft.net"
With spear phishing, the open rate remains more or less the same, (48%) however the visits to the fake landing page is 36% (5 times higher) and the compromised rate shoot up to 26%.
Spear Phishing Campaign (CEO Message, Upcoming Merger)
Best times to send a phish:
The best time to send a phishing attack is actually on a Sunday Evening as compromised increases to around 30% and the worst time is Wednesday afternoon falls to around (21%)
Best Time To Send A Phish = Sunday Evening
Worst Time To Send A Phish = Wednesday Afternoon
Taking the plunge:
Whilst running a simulated phishing campaign your staff can be daunting, on average, when IT managers ran a second spear phishing attempt, the visited and compromised results dropped by 13% Visited and 9% Compromised.