Book demo

4 campaigns to kickstart your
phishing training

Here’s four examples of phishing campaigns that would be a good way to start your phishing training and we break down how they work.

Campaign 1: Emergency evacuation plan

This e-mail tells the reader that there is a new emergency evacuation plan that must be read by all employees. It takes advantage of the authority of the company.

Difficulty:Hook

Phishing giveaways:

Email:

  • Unconventional request
  • Changes in response policies despite no warnings
  • Short deadline
  • Why would you have to login to read this type of information?
  • Promise of rewards
evacuationplan
Click to enlarge

How the campaign performed:

E-mail sent:
Link clicked:
Collected data:
0%
0%
0%
E-mail sent:
0%
Link clicked:
0%
Collected data:
0%

Campaign 2: Password policy

This e-mail indicates that the company has a new password policy and all staff must confirm that it is read and understood. It takes advantage of the authority of the company.

Difficulty:Hook

Phishing giveaways:

Email:

  • The sender is not a person - just the company
  • Changes in response policies despite no warnings
  • Short deadline
  • Why would you have to login to read this type of information?
newpolicy
Click to enlarge

How the campaign performed:

E-mail sent:
Link clicked:
Collected data:
0%
0%
0%
E-mail sent:
0%
Link clicked:
0%
Collected data:
0%

Campaign 3: Employee benefits

This e-mail tells the reader that their company has partnered with a discounts website. This means that staff can get a discount on several products if they log in with their work e-mail. It takes advantage of the joy of discounts.

Difficulty:Hook

Phishing giveaways:

Email:

  • The website doesn’t exist
  • Multiple mentions of limited gifts and discounts
  • Asks for your work email
  • The sender is suspicious
  • The picture looks like a stock photo
personalegoder
Click to enlarge

How the campaign performed:

E-mail sent:
Link clicked:
Collected data:
0%
0%
0%
E-mail sent:
0%
Link clicked:
0%
Collected data:
0%

Campaign 4: Galactic Cloud

This campaign tells the receiver that he/she has received a new file which needs to be opened inside 24 hours. If the deadline is not met then his/her access will be removed. The campaign takes advantages of peoples natural curiosity and it has a quite proffesionel look.

Difficulty:phishing-anchor

Phishing giveaways:

Email:

  • Galatic Cloud is not a real company
  • The domain which the e-mail is sent from, info@galacticclouds.com, doesn’t exist either
  • It’s unusual that you would receive a file in a cloud-service which you’ve never heard of
  • Short deadline for clicking the e-mail
  • If you click the link the URL is very suspicious
  • It is unusual to receive files from an unknown cloud service
Click to enlarge

How the campaign performed:

E-mail sent:
Link clicked:
Collected data:
0%
0%
0%
E-mail sent:
0%
Link clicked:
0%
Collected data:
0%

Subscribe to our newsletter

Receive updates containing free templates, tools, and news from CyberPilot.

Join our 2000+ subscribers and sign up for our newsletter. You will receive inspiration, tools and stories about good cyber security practice directly in your inbox. Our newsletter is sent out approximately once a month.

Contact

CyberPilot ApS
Mejlgade 39, 1 + 2. Floor
 8000 Aarhus

+45 40 32 32 35
E-mail: info@cyberpilot.io

Copyright © 2021
CyberPilot

Awareness training

Awareness training
Courses, platform and support
Course catalogue
E-book on awareness training
14 days free trial
Prices
Login

Phishing training

Phishing training

Resources

CyberPedia
Blog

Company

About us
Privacy Policy
Databehandleraftale for vores e-learning platform
 
Facebook Linkedin

Icon credits: Streamlineicons.com

Top

Contact us

You are always welcome to contact us
for an initial and informal chat about your cyber security challenges.