Background

One of the leading stock exchanges in Asia realized that, despite having good security measures in place to protect their business, their employees might still be susceptible to ever-evolving cybersecurity threats. Having already come across incidents involving human error, they knew something had to be done to make their employees more aware.

They wanted to gauge how susceptible their employees were to phishing attacks, but they did not want something too simple.

What We Did

Our team set up a fake reward redemption website and sent their employees an email about winning a 'good service' award. The employees clicked the given link to go to the fake website to choose and redeem their rewards. A message was then sent to them confirming they had successfully redeemed their rewards.

Outcome

As the simulation was done without prior notice, most of the employees fell for the scam and clicked on the link. The exercise went undisclosed for one month, and during that period many continued to click on the link to check and monitor the status of their reward redemption. This simulation was a huge success, with more than 90% of users falling for it.