PhishLine Phishing Solution
The PhishLine phishing solution helps organizations improve their resilience against phishing and social engineering attacks. Employees are trained to recognize phishing attacks and are tested with phishing simulations. The aim is to change behavior and condition everyday employees to be more security aware, turning them from liabilities into fierce security advocates.
The PhishLine phishing solution uses a cyclical approach starting with the development of a training plan that meets the objectives of each organization. Once goals have been identified, organizations can choose from a robust library of training content. Training programs can be selected for individuals, groups or the entire organization.
After training sessions have been completed, individuals are tested to determine the effectiveness of the training and to highlight potential vulnerabilities of people in the organization. The technology that has been implemented to protect critical assets is also evaluated for vulnerabilities.
Organizations measure progress using industry-leading reporting and metrics that profile social engineering threats. Using the information provided by PhishLine, organizations can then take action to deal with the most pressing social engineering threats.
PhishLine advocates a continuous process of testing security awareness, measuring people and processes, using targeted education programs to train employees to be more security aware, followed by further planning to align human-layer initiatives with organizations’ risk based security programs.
Key Features of the PhishLine Phishing Solution
PhishLine offers ‘state-of-the-art phishing training for company employees to raise awareness of the threat from phishing and social engineering attacks. The training programs help organizations to improve resilience against phishing attacks and develop an organization-wide culture of security awareness.
The anti-phishing component of the PhishLine phishing solution contains a range of advanced features to reduce the chance of social engineering attacks being successful. Risk is assessed across the entire organizations and the effectiveness of training and other strategies to reduce risk are measured.
Phishing simulations are used to test security awareness and susceptibility. Campaigns can be scheduled by the day, week, certain times of the working day, user groups or geographical locations. Administrators can schedule short-term dummy phishing attacks or long-term campaigns over several weeks. The PhishLine phishing solution is managed from an easy to use graphical user interface (GUI) that allows advanced campaign targeting without the need to create specific address books. Filters can be applied to target users, groups, countries, locations, time zones and other attributes through the GUI.
Administrators can create phishing links to external domains for the mock phishing exercises or the platform can be configured to use internal subdomains. The same applies to mail servers. Organizations can use external or internal company email addresses, with the latter useful to evaluate susceptibility to Business Email Compromise (BEC) attacks.
Organizations can also use the PhishLine phishing solution as part of their data loss prevention strategies, with white text embedded in campaign emails and portable media campaigns to determine whether emails are leaking outside an organization.
The phishing simulations allow users to submit their information on unencrypted web pages without sending responses over the Internet. It is possible to capture the fact that a user has disclosed their password without actually recording the password that has been entered. The platform also includes GPS testing to determine whether users are sharing their locations on unknown web pages.
Administrators can choose from a wide range of phishing templates that incorporate a host of features and tactics used by cybercriminals in real world attacks. Campaigns can include inline images, HTTP/HTTPS landing pages, a variety of email account senders and web server domains. Multiple attack scenarios can be included in a single campaign and administrators can also run A|B tests to evaluate risk-based hypotheses.
The PhishLine training library includes training programs on general security awareness such as cyberattacks, password management, mobile device security and a general introduction to phishing and social engineering. More advanced training programs have been developed to raise awareness of the different types of phishing attacks and teach employees how to recognize more sophisticated phishing attacks.
PhishLine also offers training programs on PCI and HIPAA compliance, with the latter including introductions to the Health Insurance Portability and Accountability Act, breaches and incident reporting, physical, technical and administrative safeguards and organizational and documentation requirements.
The PhishLine phishing solution also includes training to reduce susceptibility to vishing, smishing and cyberattacks via portable media.
Phish Reporting Button
The Phish Reporting Button is an email client add on that allows employees to ‘report phishiness’ with a single click. Clicking on the button sends a warning to security teams. Those warning emails maintain the integrity of the suspected phishing email by sending the email as an attachment.
Many organizations encourage their employees to report suspected phishing emails but then struggle to analyze those emails and take action to block current attacks. PhishLine offers a solution. Organizations can choose to analyze reported phishing emails via their existing security platforms or they can grant PhishLine access to the emails and subject them to the firm’s deep analytics to help organizations manage threats more effectively.
PhishLine is a Milwaukee, WI-based cybersecurity firm that was formed by Mark T. Chapman in 2011 with the aim of helping information security professionals tackle the growing threat of phishing and social engineering attacks. The PhishLine phishing solution is now used by several Fortune 100 and Dow Jones industrial index listed companies to improve their resilience against phishing and social engineering attacks.
The PhishLine phishing solution was named in the Gartner Magic Quadrant for Security Awareness Computer-Based Training Programs in 2016.