Could you Pass a Secret Phishing Test?

I decided to try Duo Security’s phishing test and sent myself a fake phishing email. The mail can be customized and sent to any number of employees:

Phishing Test 1

When I clicked on the link, Google Chrome warned me that the domain was known for phishing:

Phishing Test 2

Of course, a real campaign would probably start with a clean domain, so that warning might not appear. Instead, you’d be presented with a nice logon screen very similar to a Microsoft logon screen. Note that Google is still flagging this at the top of the page. But the HTTPS certificate is valid, so if Google wasn’t flagging it, the HTTPS would be accepted.

Phishing Test 3

After entering my email address and password, I was advised that I’d been phished:

Phishing Test 4

The back-end dashboard shows how many recipients have opened the email, clicked on a link, or provided credentials:

Phishing Test 5

Ready to try a phishing test at your company? Contact MCB Systems.

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.

This site uses Akismet to reduce spam. Learn how your comment data is processed.