Background

A leading business firm in India needed to assess the susceptibility of their staff from phishing attacks. “Enticing our employees to enter their login credentials or click on links was simply too run-of-the-mill,” one of them told us.

They wanted to gauge how susceptible their employees were to phishing attacks, but they did not want something quite so simple.

What We Did

We found out that an internal conference involving the senior leadership was being organized at an external venue. We crafted a phishing email that appeared to have come from their HR and asked them to dress in red tops and black pants during the conference. The results couldn’t be any clearer. Anyone who fell for the simulated phishing attack would dress as the email told them to.

The executives were finally onboard.

Outcome

Out of 40 participants, 20 took the bait and came in red tops and black pants. Management was convinced that there was a need to improve their employees’ security awareness and subsequently engaged OhPhish’s services.