
365 Attack Simulator in ATP vs Knowbe4 for Phish training

We have talked before about companies running internal spear phishing tests to check whether any users need training on how to spot potential attack vectors.

There are a wide range of platforms to choose from.

Office 365 has added phish simulation to its offerings in ATP Plan 2, so we thought we would compare it to the current industry-leading solution (according to Gartner), KnowBe4, as below:

Feature                      Office 365 Attack Simulator in ATP    KnowBe4 Diamond Package
Cost                         3.80 GBP/User/Month                   2 GBP/User/Month
Licensing                    Per User                              Whole Organisation
Password attack campaigns    Yes                                   No
On Prem and 365 Mailboxes    Yes                                   Yes
USB Drive Test               No                                    Yes
Video Training Access        No                                    Yes
Phishing Reply Tracking      No                                    Yes
Templates available          2                                     100+
Vishing Security Test        No                                    Yes
Whitelisting Required        No                                    Yes
Users Sync Needed            No                                    Yes

KnowBe4 has a much more customisable solution for enterprises, with API integration and a larger offering. However, for small businesses wanting to add to ATP Plan 1, the Attack Simulator ticks the compliance box for running phish simulations.

Spear phishing: what is it and how to protect yourself from it

As techtarget.com puts it:

Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain

How is this done?

We have seen a few cases of this, usually in the following order:

1) The attacker uses publicly available resources (e.g. social sites, company websites) to get a name and email address for the financial controller as well as the managing director of the company.

2) The attacker uses a third-party email server to fake the [email protected] address and sends the email below to [email protected]. The attacker could also try emailing from [email protected] (notice the "ltd" at the end!).

Hey financecontrollername,
I'm in the middle of a meeting , not available on the cell phone , but need this actioned NOW please transfer $$$$$ to this bank account let me know when done
managingdirectorname

The attacker also tries sending emails to financecontrollername saying "Hey, are you there?"

3) financecontrollername sends the money and emails managingdirectorname when done, only to find out that managingdirectorname never asked for this transfer.

How to protect yourself from this

1) Be careful what information you have publicly available, such as email addresses, as it can be used against you. Also be careful when emailing people you don't know: the attacker copies your signature to make the fake email look as genuine as possible.

2) Get your IT provider to use SPF records along with DKIM records so that emails claiming to be from your organisation but sent from unknown senders are either put into SPAM or have their subject marked as SPAM, so the end user knows to be wary. This can be done with spam filters and Exchange.

3) Financial controllers should always speak to the MD when unsure about moving money around; better to be safe than sorry, as they say!
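As an added illustration of point 2 (this is example code, not part of the original post or any vendor product): a small Python filter that reads the Authentication-Results header a spam filter or Exchange stamps on inbound mail, and prepends [SPAM] to the subject when a message claims the organisation's own domain but fails SPF or DKIM, or comes from a look-alike domain such as the "ltd" variant described above. The domain names and messages are constructed for the example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # constructed: the organisation's own mail domain


def parse_auth_results(header):
    """Pull the spf= and dkim= verdicts out of an Authentication-Results header."""
    verdicts = {}
    for m in re.finditer(r"\b(spf|dkim)=(\w+)", header or ""):
        verdicts.setdefault(m.group(1), m.group(2).lower())
    return verdicts


def is_lookalike(domain, org_domain=ORG_DOMAIN):
    """Crude look-alike test: contains our label but is not our domain (example-ltd.com)."""
    label = org_domain.split(".")[0]
    return domain != org_domain and label in domain


def classify(raw_message):
    """Return (subject, reasons); the subject gains a [SPAM] tag when reasons is non-empty."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    auth = parse_auth_results(msg.get("Authentication-Results"))
    reasons = []
    # Mail claiming to be from us must pass both SPF and DKIM; anything else is treated as spoofed.
    if from_domain == ORG_DOMAIN and (auth.get("spf") != "pass" or auth.get("dkim") != "pass"):
        reasons.append("claims our domain but fails SPF/DKIM")
    if is_lookalike(from_domain):
        reasons.append("look-alike sender domain")
    subject = str(msg["Subject"])
    return ("[SPAM] " + subject if reasons else subject), reasons


def sample(from_header, auth_results, subject="Urgent transfer"):
    """Build a constructed raw message; a real filter reads the header stamped by the gateway."""
    return (f"From: {from_header}\nSubject: {subject}\n"
            f"Authentication-Results: mx.{ORG_DOMAIN}; {auth_results}\n\nPlease action now.\n")


# Constructed samples: genuine internal mail, a spoof of our own domain, and the "ltd" trick.
LEGIT = sample("MD <md@example.com>", "spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com")
SPOOFED = sample("MD <md@example.com>", "spf=fail smtp.mailfrom=example.com; dkim=none")
LOOKALIKE = sample("MD <md@example-ltd.com>", "spf=pass smtp.mailfrom=example-ltd.com; dkim=pass header.d=example-ltd.com")

if __name__ == "__main__":
    for name, raw in ("legit", LEGIT), ("spoofed", SPOOFED), ("lookalike", LOOKALIKE):
        print(name, classify(raw))
```

The look-alike check is deliberately simple; a production filter would use the gateway's own impersonation rules or a proper domain-similarity measure.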

If you have already been affected

Speak to your local Police by dialling 101, and report it.

Speak to your bank: there is a 24 hour window in which bank transfers can be halted, so contact them as soon as possible.