There are lots of reasons scammers send a phishing email. They may want to get access to the company network or perhaps a quick payout with ransomware. Maybe it’s just a good old-fashioned con to trick someone into sending money or personally identifiable information, but whatever the reason, everyday countless phishing emails are sent into the world, and some percentage of them are successful, or people wouldn’t bother sending them.
When employees received hundreds of emails a day, how do companies protect themselves from this insidious and all too common threat? One way is by carefully training employees to recognize a scam, not fall for it, and most importantly report it, so the company can remove all such emails from their domains.
That kind of testing has tended to be out of reach for SMBs, who, in spite of the obvious threat, haven’t been able to justify the cost of spending money to provide that training. All of those excuses went away today when PhishMe, a 6.5 year old startup that helps companies protect themselves from phishing scams, announced it was releasing a free phishing testing tool for companies with 500 employees or less.
The new tool called PhishMe Free is a cloud service that’s a subset of their enterprise product, PhishMe Simulator. It doesn’t include all of the tools you’ll find in the pay version of course, but it puts anti-phishing training within reach of any company regardless of size.
The SMB customer simply signs up for the cloud service and PhishMe provides templates that look very similar to recent phishing scams. You can modify it with a company logo to make it look more authentic as you wish, then send it to all your employees, or just a subset. Typically, a company conducts monthly tests to limit the number of checks and risk making people immune to tests (or worse real phishing emails).
So what happens when an employee falls for one of the tests? They receive a gentle admonition, explaining that they just fell for a phishing email, and some brief training on how to recognize phishing scams in the future.
Phishing emails have become increasingly sophisticated, and it’s not always easy to recognize a fake, says Rohyt Belani, co-founder and CEO at PhishMe. He says the goal is to reduce the number of people who fall for these emails, while turning the workforce into a group of live phishing sensors. The hope is that more people report a phishing email when they recognize it and ultimately protect the entire company from similar attacks.
While Belani understands all too well that no solution will ever be completely fool-proof, especially as the people running these scams get increasingly sophisticated in their approaches, the goal is to reduce the risk associated with phishing attacks. The free product lets any company get started with the basics while raising awareness. If they need more, they can upgrade, he says.
PhishMe launched in 2011. It’s raised over $58 million across three rounds, according to Crunchbase.