We released and I'll be sending out a press release early next week, however, you're getting the "exclusive" on this (see below):
Most security guys understand the seriousness of phishing attacks and have witnessed firsthand the problems that can arise from clicking on a malicious link. Ransomeware and confidential data theft are just the beginning. Phishing attacks can leave your company with infected computers acting as part of a larger botnet that is standing by - waiting to launch the next DDoS attack.
The issues caused by careless clicking has been so severe that many companies are instituting routine programs that constantly test employees. In an attempt to educate the general population on the dangers of clicking on things too fast when receiving emails, Plixer has developed a free game called:
After being involved with over 40 case studies, it became clear to me that we had to do something to help the Internet community get educated on the dangers of clicking on things they shouldn't. Businesses need to be proactive about making sure their employees know how to avoid infections by carefully evaluating emails.
During the game, users are taught to evaluate links in seemingly innocent emails they might be receiving every day from Linkedin, Facebook, Craigslist and others. By hovering over a link with the mouse, a tip appears with the URL of the link. The user must evaluate the 2nd level domain on all links and select either Safe or Unsafe before they move onto the next game as show below:
If the user clicks on anything other than Safe or Unsafe, the game ends and the user must start over.
Learning to mouse over links without clicking is a very important habit to maintain when reviewing the safety of emails. This is a phishing attack education game that applies to Internet users of all ages. The game tries to make the process fun, for example:
The objective of the game is to evaluate each email before the water runs out of the tank. At the end of the game, a score is provided and users can see how they performed in comparison to others. There is also an option to register which allows players to track their performance over time.
Although the game is free for all individuals who play, there is also a paid option which is still free for all non profit organizations. It allows companies to enroll employees into an ongoing phishing attack training program where players are emailed regularly (e.g. once per quarter). Managers are given the scores of their employees and it even sends warnings to employees who are putting off the game. Statistical reports can also be generated which allows organizations to determine which employees or areas of the company need additional training:
