An ID Agent email alert on a mobile

ID Agent – Keep Your Business Secure

Phishing attacks are still the number one method of gaining access to a company’s systems and data. No company is safe from phishing and the recent move away from the office has only made this clearer to many of them. Working from home has opened more organisations to the risk of phishing attacks than ever before.

Although most corporate email is protected by advanced spam filters, many people will use their work computers to occasionally access their personal email. Most personal email accounts, like Gmail or Hotmail, do not have the same filtering and protection as their enterprise equivalents which can present a convenient avenue of attack for hackers.

Phishing is the main method used to infiltrate an organisation. Where a fake email, appearing to be from a colleague, customer or trusted partner, is convincing enough to get you to hand over critical data like passwords, bank account details or customer data.

Several high-profile names (including easyJet) have been hit by successful phishing attacks in the past three months.

To combat this, we have started offering phishing prevention, testing and training to our clients. This package is a triple pack of anti-phishing technology which includes…

Automated Phishing Security Tests

Authentic-looking but harmless phishing emails are automatically sent from ID Agent to your staff members at random, periodically checking if they are staying alert for suspicious emails. We then get a report on who opened the email and how far into the scam they went. ID Agent then sends automated training videos to help educate employees on what to look for in genuine phishing emails. The results are never shared with other employees.

Like genuine phishing emails, the security test emails will look like real communications from your company or other trusted sources (like Google or Microsoft) and are very much like the real phishing emails (people sending you OneDrive files, Costa Coffee voucher offers etc.) but if filled out and completed we will be informed of the results. We will get regular reports on:

  • Percentage of emails that were successfully delivered (this will be 100%).
  • How many opened the email (we expect this to be a high percentage).
  • Who clicked on the links.
  • Who filled out their details on the form.

These emails are fakes, and opening or interacting with them poses no threat, but the aim is to make people more “on their toes” about real phishing emails that could cause harm. At the same time, we also don’t want anyone to be relaxed and think it is only a Carden test, as it may not be!

These emails are sent at random times to randomly selected staff members at all levels of your organisation.

These tests are in no way designed to fool people in order make then look silly, and we will never share the data with any of their colleagues.

Dedicated Training Videos

Once you know what to look for, phishing emails become easier to spot by eye.

These videos are sent automatically to anyone who opened the phishing email and either clicked on a link or gave out information.

Your staff can learn the tactics that scammers will use, real world examples, how and why they work and how best to avoid them. The more informed and aware your staff are, the safer your organisation is.

Automated Scanning of the Dark Web

Automated alerts if your organisation’s passwords are leaked.

ID Agent scans a constantly updated database of previously hacked passwords dating back over a decade.

If, for example, an employee used their work email and password to sign up for an online store and that stores customer data was later hacked and leaked online, this service would alert you that your information had been leaked. You can then take immediate action to change any passwords associated with that employee’s email.

ID Agent is the perfect way to increase the knowledge and cybersecurity awareness of your workforce while also checking constantly if your (or your customers’) details have been leaked online. As ID Agent is completely automated your staff will never be able to say they’ve had no training on phishing and security.

You may have recently read about the leak of easyJet’s customer details. You may not have heard of others, like aerospace manufacturer FACC losing $61million in a CEO phishing scam.

You can read some of the latest tactics being used in Phishing Scams here.

We’re confident that the more you learn about phishing the more you will see how essential a service like ID-Agent is.

If you would like to know more about this service, please contact us.

Author: Dave King

Dave King is the Co-Founder and Director of Carden IT Services and the wider Carden IT Group. Dave has over 18 years’ experience in business IT networks with a focus on IT consultation and disaster recovery planning/testing.