Wouldn’t it be great if there were an easy way to keep your end users informed about phishing attacks and lures being seen in the wild today? Our new Attack Spotlight product is our way of providing free, timely, actionable content you can use to arm your end users against the ever-evolving phishing threat.
Each installment in the series includes a two-minute awareness mini-module and a downloadable PDF that feature an example of an actual phishing email seen in the wild, and that explain the current threat in non-technical terms. We also include suggested content for communicating about the Attack Spotlight with your end users.
Timely Threat Intelligence
Compared to other services that list lures or traps, Attack Spotlight has a unique advantage: The phishing email examples are drawn from Proofpoint’s world-class threat intelligence, which analyzes billions of emails each day to classify malicious content and identify lures being distributed at critical mass.
Attack Spotlight shares this real-time intelligence as quickly as possible to help you get out ahead of emerging threats. We release new Attack Spotlights as pressing threats are identified, which means the time between spotting a trending attack and informing end users can be reduced dramatically, from months to days.
High-Quality Awareness Content
Attack Spotlight content meets the same high standards you’ve come to expect from Wombat’s security awareness training tools. Each installment alerts you to an emerging threat and provides content you can use to explain the attack to your end-users — what it is trying to do, how to identify tell-tale signs, and what to do if seen in the wild.
You can share the information in multiple ways: via a “Teachable Moment”-style PDF; an awareness mini-module; or both. The mobile-responsive mini-modules take approximately two minutes to complete, and they conform to the US Section 508 standard and the Web Content Accessibility Guidelines (WCAG) 2.0 AA standard.
Incorporating Attack Spotlight Into Your Security Awareness Program
Attack Spotlight content is free and can be shared with everyone, from employees to friends and family. Wombat customers have another way to use the content: Each lure featured in Attack Spotlight is also added to ThreatSim® as a simulated phishing template. In addition, we recommend specific full-length interactive training modules that can be assigned to further prepare end users against a particular phishing threat.
Currently Available Attack Spotlights
September 2018 Trending Attack: DocuSign Phishing Campaign
Recently, we’ve noticed a rising wave of attacks on DocuSign accounts, with more than 10,000 malicious emails being sent each week. Our latest Attack Spotlight profile, available now, quickly shows users how to avoid being tricked by the DocuSign phishing campaign.
The popularity of DocuSign makes it a favorite target of cybercriminals. They create increasingly elaborate, fake DocuSign emails and websites designed to steal users' information and access their accounts. Attacks have focused on companies in finance, manufacturing, and insurance, but all industries have been affected.
July 2018 Trending Attack: Microsoft Office 365 Credential Compromise
In early July 2018, Proofpoint researchers identified a significant spike in phishing attacks targeting organizations with more than 1,000 Microsoft Office 365 (O365) mailboxes. In fact, more than 75% of Proofpoint’s reporting customers have already been targeted, with cybercriminals attempting to steal user logins through sophisticated counterfeit O365 emails and websites.
Our July Attack Spotlight — available via our archive page — shows users what to look for and how to avoid becoming a victim of O365 credential compromise.