Phishing Test Helps Measure Security Risk

February 14th, 2011   /     /   Smarter Identity

Even tech-savvy employees can fall prey to an email phishing scam. To help organizations gauge the risk of employees entering their login credentials on a fake landing page, OneLogin launched an online test that emulates a typical phishing attack.

Here’s how it works: At OneLogin Phishing Test, the test admin enters the email addresses of employees who should receive the emulated phishing scam – the email message will ask employees to confirm access to the company’s Google Apps account. If employees enter their credentials on the fake landing page, they will not be aware that they has fallen prey to an emulate phishing test. They will simply be redirected to the real Google Apps page where they can enter their credentials as they normally would.

Although employees don’t know that they have been phished, the Test Admin receives an email alert and is provided with a dedicated results page where they can monitor results.

Why use the test? The test does not capture or record any of the login information provided by employees who fall prey – it only records that action was taken. It’s an easy and safe way to measure an organization’s level of risk and helps determine what changes need to be made internally to prevent suffering the embarassement of a real security breach.

How do your employees fare? Start your emulated phishing test to find out.

About the Author

Thomas Pedersen, founder and CEO of Onelogin, has more than 15 years of experience in building and selling carrier-grade billing systems for phone companies, initially at Cisco-backed Digiquant in Denmark and later at Intec Telecom Systems in the US. After having helped Zendesk grow to 5,000 customers as VP Business Development, he is now laser-focused on making OneLogin the most widely deployed identity management solution in the cloud.

View all posts by Thomas Pedersen