|
|
|
|
|
|
by echoangle
32 days ago
|
|
|
I don’t think that’s how phishing can be prevented. It’s very different to do the quiz compared to actually getting a phishing message pressuring you to do something. People don’t even start questioning it before they act on that. I think fake phishing messages over the same channel real ones would be in are the way to go. |
|
|
yes you are totally right that actually getting a phishing message is very different than a learning enviroment, but also we have seen that people don't have the tools to undestand what should raise suspicious (domains, wording, tactics, etc) and that's super dependant of context! For example I'm from Argentina, a phishing case targeting elders in my city might be very different than the ones targeting an investigative journalist (to try to get their info) or a business (to try to get access to their systems). And targeted phishing cases are much easier to create nowadays with ai and all the information avaible online about ourselves, our companies, etc!
Research (and our experience) has shown that the phising simulation (the "fake phising" you describe) is not as effective: https://shira.app/phishing-quizzes
So basically our appoaach was to create the plaforms so that trainers and educators (with our guidance) could create learning experice could create a learning enviroment tailored to the apps, level, context, language of the particular group they are working with.
We launched the platform with a beta program and we received very possitive feedback on learners actually changing behaviour: https://blog.wearehorizontal.org/introducing-shira-2-0-end-t...
We are trying to get even more feedback from the communtity happy to hear if this makes sense to you or any other ideas or comments !! thanks so much for commenting :)