Whether current job, education, certificates, hobbies or colleagues: Many employees are not stingy when it comes to publishing their profile data on social media. A study by the Technical University of Darmstadt (TU) and IT-Seal shows that this makes them a high-risk group for spear phishing attackers.

The increasingly professionally organized fraudsters spare neither expense nor effort in tracking down information about potential victims that is available online. Employer rating portals and company websites are also meticulously combed for data in order to create personally tailored phishing e-mails. One example is the Russian Conti cybergang, which uses expensive open-source intelligence tools (OSINT) to automate the collection of publicly available data. Disguised as bosses, colleagues or business partners, the Conti crooks try, among other things, to plant ransomware on employees. If a coup succeeds, ransom payments of several million US dollars are usually obtained.

With OSINT to attack potential analyses

With IT-Seal’s Spear-Phishing-Engine, the OSINT potential can be harnessed for the companies themselves. This helps them to build a sustainable security culture. The patented spear phishing engine independently collects publicly available employee and company information and analyzes it for its phishing attack potential. Companies gain transparency as to how threatened their security is by data accessible on the Internet and can carry out targeted educational work with employees.

IT-Seal offers awareness training, in which users with similar risk potential are grouped together and provided with special e-learning and social media guidelines. These provide guidance on which profile data should be restricted and which data protection settings must be observed. This also applies to expressions of opinion on social networks. To protect the personal sphere of employees, IT-Seal conducts the training sessions anonymously and with the involvement of the works council. 

Behavioral change through simulated attacks

In addition, IT-Seal uses the spear phishing engine to create authentic spear phishing emails in order to prepare employees for actual attacks in the context of simulated attacks. If a user falls for a fake email, he or she is taken directly to an interactive explanation page. There, the user is given detailed information about the suspicious features of the e-mail, ranging from letter misspellings in the address line to fake subdomains and dubious links. In order to achieve a lasting learning effect, the phishing simulations are continuously run and updated.

Phishing simulations take advantage of a:r employee’s “most teachable moment” by alerting them to their potentially malicious behavior at just the right moment. This is especially beneficial for social media aficionados. For example, TU Darmstadt and IT-Seal found in their study that they are also more susceptible to phishing attacks because they respond directly and automatically to triggers, prompts and notices. Information is not critically evaluated as often. Because spear phishing simulations reinforce users’ impulsive decisions, they contribute to lasting behavior change.