Phishing Defence Coaching: A Targeted Approach To End-User Security Training


In a recent webinar from cybersecurity experts Huntress, we got to take a look at a new concept from their SAT (Security Awareness Training) platform: Phishing Defence Coaching.

This is a new way to deploy phishing exercises that provide contextual interactive experiences for any users that are caught out.

Three members of Huntress SAT's senior product team provided a demonstration and explained some of the use cases behind the recent developments for the product, and how it can help MSPs (managed service providers) reduce the human-factor risk for their clients.


Webinar: That Phishy Feeling – Learning to Spot Modern Phishing

The webinar event took place on Thursday 6th June 2024 at 4:30pm BST.

It was presented by:

Huntress Presenters

And you can catch a full replay of the webinar here.


Security Awareness: From Threat to Training

Truman began by showing some recent examples of common phishing attempts that have been added to their educational portfolio.

Example 1: Rapid Scenario Addition and Modification

There was a recent example of a phishing email targeting MSPs and domain admins in particular. It appeared as a mailbox-redirect alert, the kind of notification the intended victims would be used to seeing.

Huntress developers added this scenario into their SAT platform as this kind of impersonation attack is something all MSPs should be aware of.

Example 2: Malvertising

Even on websites you regard as trustworthy, malicious code can hide in the JavaScript served by advertising networks.

Just clicking the advert link would download malware onto the host's machine.

Though this was picked up quickly and isolated by the Huntress SOC Team (Security Operations Centre), the remedial recommendations included enrolling the user onto security awareness training to prevent similar actions in the future.

Malvertising is another scenario now added to the Huntress SAT catalogue.

Example 3: Password Storage

Since January 2024, Huntress have discovered over 30,000 unsecured credential files.

Unsecured credential files are a massive liability: once attackers gain access to your system, finding and exploiting these files gives them a greater ability to pivot, hide and elevate permissions.

Because this is a bigger problem than some realise, Huntress created another specific scenario to address this problem in their SAT catalogue.


A Demonstration of Phishing Defence Coaching

To demonstrate how Phishing Defence Coaching differs from other methods of follow-up training, Dima took us through a typical scenario.

The phishing email that he showed us was a fraud protection alert from American Express.

While it may have looked believable enough to the untrained eye, there were some clues to its lack of authenticity.

Whereas typical anti-phishing measures may spot this and isolate it before you click on the link, Phishing Defence Coaching works a little differently.

When you click on the phishing link, you’re redirected to a screen informing you that you were almost phished. This begins the coaching process where you’re asked a question: “Why did you click on the link?”

Possible answers you can give are:

  • I was in a hurry
  • It looked important/seemed urgent
  • I didn’t look clearly enough
  • I thought I was in trouble

Or if none of these fit why you clicked on it, you can add your own reason into a text field.

Depending on the answer you give, it gives you feedback explaining why that reasoning plays into the attackers' hands.



Phishing Defence Coaching Shows You the Signs to Look Out For

Next, the coaching refers back to the phishing email that caught you out to show you the signs to look out for next time.

  • Does it have a suspicious email address?
  • Does the link address seem to direct you to a completely different domain when you hover over it?
  • Does it convey a sense of urgency?
  • Is the email not at all relevant to you? (e.g. do you even have an American Express account associated with this email address?)
  • Does the email contain discrepancies in the branding, design and wording?
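The first three items on that checklist (suspicious sender address, link destination that differs from what the text shows, urgency language) can be checked mechanically. The script below is an added example written for this post, not Huntress code and not how their platform works; it parses a constructed sample message (the brand is American Express as in the demo, the attacker domains are made-up `.example` names) with Python's standard `email` and `html.parser` modules and reports which checklist items fire. The "registrable domain" helper is a deliberate simplification (last two labels, no public-suffix list) and the urgency phrase list is an assumption.

```python
"""Checklist-style phishing indicators over a constructed sample email.
Added example (not Huntress SAT code). Heuristics and sample data are assumptions."""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed urgency phrases; a real deployment would tune this list.
URGENCY_PHRASES = ("immediately", "within 24 hours", "will be suspended", "act now", "urgent")

# Constructed sample: display name claims a brand, sender and link domains do not match it.
SAMPLE_EMAIL = """\
From: "American Express" <alerts@amex-secure-alerts.example>
To: finance@victim-company.example
Subject: Fraud Protection Alert - action required
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We detected unusual activity on your Card. Please verify your details
within 24 hours or your account will be suspended.</p>
<p>Review activity: <a href="http://login.amex-verify.example/confirm">
https://www.americanexpress.com/fraud</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs and all visible text from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.text_chunks = []
        self._href = None
        self._anchor_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._anchor_text = []

    def handle_data(self, data):
        self.text_chunks.append(data)
        if self._href is not None:
            self._anchor_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor_text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude approximation: last two labels (assumption: no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def domain_in_text(text):
    """Registrable domain of a URL or hostname written in visible text, or None."""
    m = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
    return registrable_domain(m.group(1)) if m else None


def check_message(raw_message, claimed_brand_domain):
    """Return (indicator, detail) pairs for the checklist items that fire."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. Suspicious sender address: the From domain does not match the claimed brand.
    sender = msg["From"].addresses[0]
    sender_domain = registrable_domain(sender.domain)
    if sender_domain != claimed_brand_domain:
        findings.append(("sender_domain_mismatch",
                         f"{sender.display_name!r} sent from {sender_domain}"))

    # 2. Links whose real destination differs from what the text shows, or is off-brand.
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, visible in collector.links:
        target = registrable_domain(urlparse(href).hostname or "")
        shown = domain_in_text(visible)
        if shown and shown != target:
            findings.append(("link_text_mismatch", f"text shows {shown}, link goes to {target}"))
        elif target != claimed_brand_domain:
            findings.append(("link_offbrand", f"link goes to {target}"))

    # 3. Urgency language in the visible body text.
    plain = " ".join(collector.text_chunks).lower()
    findings.extend(("urgency", p) for p in URGENCY_PHRASES if p in plain)
    return findings


if __name__ == "__main__":
    for indicator, detail in check_message(SAMPLE_EMAIL, "americanexpress.com"):
        print(f"{indicator}: {detail}")
```

Run against the sample, the script flags the mismatched sender domain, the link whose visible text says americanexpress.com while the `href` points elsewhere, and two urgency phrases; the remaining two checklist items (is the mail relevant to you, are branding and wording consistent) need human judgement, which is exactly what the coaching screen is for.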

At the end of this process it asks: "On a scale of 1 to 5, how prepared do you feel to identify future phishing attacks?"

This information lets the MSP know if there’s a need for a follow-up conversation about more security awareness training, so it’s important to ask.



Phishing Defence Coaching Dashboard

When you send out a phishing simulation from Huntress SAT, it records the information about who clicked on the link and who ignored it.

Of those that were compromised, you can see the reason they gave for clicking on the link, as well as how prepared they said they were at identifying future phishing attacks.

In future, this will also be able to show historic data, so an MSP can show how much better its clients' staff have become at spotting phishing attempts, which in turn demonstrates your value as an MSP to your clients.



What Beta Testing Revealed

Out of a sample of 181 people who were phished successfully, the top three reasons given for clicking the link were:

  • 29% said “I didn’t look closely enough”
  • 19% said “It seemed important”
  • 9% said “I was in a hurry”

Other common responses said that they clicked because the email referenced a colleague by name or by email address.

Truman said that this is a common tactic phishers employ to bypass our cognitive defences: we're much more likely to believe an email is legitimate if we see a familiar name within the text.

The preparedness indicator revealed a small number selected 1 or 2 on the scale, which is what you’d expect. However, even those selecting 3, 4 or 5 will be tested again in subsequent months. So it’s best to encourage honest responses here, because the results will reveal the truth.


Question and Answer Session

To finish the webinar, the speakers invited the audience to ask questions.

Q1: Do you think that people will be honest about their response to the preparedness question?

A1: If you see results with no 1s or 2s reported, then that's a good thing, of course. It means you should focus on education for the 3s as the lower benchmark.

Q2: To prevent compromised users from telling everyone in the office, is it possible to delay the coaching until all the test emails have been opened?

A2: We considered this approach, but really the emphasis is one of education in the moment. This is so that they are learning while the situation is fresh in their minds.

Q3: Will the SAT platform update its content from threat intelligence collected by the MDR/EDR teams?

A3: Absolutely. In fact, the Malvertising scenario we saw earlier came about because it was a common attack vector picked up by the SOC analysts. In cases like this, the details are passed across to the SAT developers, who create new scenario content when it's judged to be relevant to MSPs and their clients.


Phishing Defence Coaching Conclusion

The human factor is still a popular vector for attackers to exploit.

Today’s phishing emails are designed to catch you off guard. Therefore, it’s important to not only protect users when they are compromised, but equip them with the knowledge to avoid being compromised in future.

As an MSP, you need to deliver the best value possible in reducing risk for your clients. Huntress SAT's Phishing Defence Coaching will certainly help you do that.




STEPHEN MCCORMICK

I'm a small business owner, technical writer and blogger, with 15 years experience in corporate IT. I frequently attend MSP peer groups and create content relevant to IT service providers and business owners.
