Let’s Go Phishing! Why You Should Phish in Your Own Pond

Mwah ha ha ha ha! (That’s my evil laugh.) Today, we are going to learn ways to trick your firm! It’s like April Fool’s Day, but with beneficial consequences. What tricks and pranks are we going to pull? We are going to discuss why you should send phishing emails to your own firm.

Imagine the hoot you’ll get when you send out an email promising $250,000 in rewards and your CEO clicks! Slap-your-knee fun when you send out an email asking for a signature on a UPS package and your receptionist clicks!

OK, so this isn’t really that funny, is it? Because you and I both know that those clicks expose your firm to serious security threats from hackers.

So why would I suggest you phish in your own pond? Because that is the very best way to train and monitor your weakest security link: your people.

Unfortunately, you can’t just create a random email campaign and send it out for several reasons:

  • Like you have that kind of time?
  • You won’t necessarily know who clicked.
  • You need a system to handle ongoing phishing and training (this ongoing threat requires ongoing surveillance).

Lucky for you, I am a brilliant April Fool’s trickster! (Did you see my Tips&Tricks this past April 1?) I’m also a darned good phisher. As a partner with KnowBe4, the world’s most popular integrated Security Awareness Training and Simulated Phishing platform, I can help you launch a phishing campaign that includes the following:

  • Unlimited phishing tests
  • A huge library of template bogus emails just like the ones hackers use (ie. coupons from Pizza Hut, UPS delivery notices, even notes that look like they came from your HR office)
  • Reportable results down to individual users, which allows you to track ongoing improvements as well as the types of emails that get the most clicks
  • Online trainings to build awareness of phishing schemes
  • Ability to track people to take online trainings associated with phishing education

Quite honestly, socially engineered hacking may be your weakest link but, thanks to KnowBe4’s program, it’s also easily managed. If you’d like to chat further about protecting your firm from social engineering attacks, don’t hesitate to call me or email me at: 303-800-5408 or Doug@savvytraining.com.


Savvy Training & Consulting works with leading companies and technologies to deliver the most up-to-date training solutions and curricula to law firms. Savvy recently unveiled an award-winning Learning Management System (LMS) for law firms, SavvyAcademyTM, which delivers scalable training capabilities, reportable data down to the individual user and 24/7 support, all for a fraction of the cost of traditional LMS services.


Leave a Reply

Contact Us: