FAQ regarding Phishing-Simulation, E-Learning & Co.

You can find the answers to the most common questions from users of our Awareness solution, e.g. regarding e-learning or phishing simulation, here.

With two-factor authentication (2FA), users log in via two independent components (factors). In addition to the normal login via username and password, the entry of a code is required, which in many cases is generated on a smartphone. Only after entering this second code can access to the account be obtained. 2FA is a much more secure way of providing proof of identity.

A zero-day exploit attack takes advantage of a software security vulnerability. The attack is usually carried out on the same day that the vulnerability is discovered, i.e., before the software provider can fix the flaw. Zero-day exploits are often sold by hackers to cybercriminals, who then build them into new malware.

SoSafe’s training measures are aimed at all employees in order to train them in IT security. As part of this awareness building (i.e. the creation of awareness for IT security), we offer a comprehensive learning environment on behalf of your employer: By means of interactive learning modules, short videos, examples from everyday work and short quiz questions, you will learn the most important rules and hints for the safe use of computers, smartphones and data. Topics such as password use, malware or data misuse are also dealt with. Additionally, we send simulated phishing emails to all employees at irregular intervals. The aim of this simulation is for you to learn how phishing mails work and how to recognize them. Your employer does not receive any individual data about the phishing simulation, only a completely anonymous evaluation. This IT security training is offered to you by your employer and provided by us – SoSafe GmbH from Cologne.

In consultation with your employer and the data protection officer of your company, we receive a list with the email data of all employees. This list contains the correct salutation, first name and surname, email address, language and an optional assignment to a group (e.g. department or location). We need this data to carry out the phishing simulation. Your employer receives an aggregated and anonymous evaluation of the handling of the emails. This evaluation does not allow any conclusions about the behaviour of individual persons. We process all data exclusively within the framework of the existing contractual agreements with your employer (data processing agreement). As part of this, we take extensive measures to protect all data.

No, the emails are not dangerous; it is only a simulation. At no time are your personal/business data or end devices in danger. If you click on a link in one of our phishing emails, you will be taken to a learning page on the Internet. There you will find detailed information about the simulation and, above all, concrete hints on how you could have identified this particular email as a phishing attempt.

Yes, these emails are accepted by our servers. However, they are completely anonymized in order not to be assignable to a specific person. It is only automatically evaluated whether an answer was sent and whether it was a technical answer (automatically generated by your mail server), an automatic absence note or an actual answer mail. Your employer is notified about how many of the phishing emails were answered in total. However, he or she does not get any insight into the content of the answers or which user replied to the emails.
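The reply handling described above, as an added example that is not SoSafe's code: it sorts replies to simulated mails into the three categories the answer names (technical answer from the mail server, automatic absence note, actual answer) using only standard mail headers, and keeps per-category counts without the sender. The header conventions (RFC 3834 Auto-Submitted, delivery-status reports, Exchange's X-Auto-Response-Suppress) are the usual ones; the sample messages are constructed for this example.

```python
"""Classify replies to simulated phishing mails and keep only aggregate counts.

Added example, not SoSafe's code. Sample messages below are constructed.
"""
from collections import Counter
from email import message_from_string
from email.message import Message

TECHNICAL = "technical"  # bounce / delivery status notification from a mail server
ABSENCE = "absence"      # out-of-office style auto-reply
ACTUAL = "actual"        # a person wrote back


def classify_reply(msg: Message) -> str:
    """Return TECHNICAL, ABSENCE or ACTUAL from headers only; the body is never read."""
    ctype = msg.get_content_type()
    report_type = (msg.get_param("report-type", header="content-type") or "").lower()
    sender = (msg.get("From") or "").lower()
    # Delivery status notifications (RFC 3464) and MAILER-DAEMON/postmaster senders
    if ctype == "multipart/report" and report_type == "delivery-status":
        return TECHNICAL
    if "mailer-daemon" in sender or "postmaster@" in sender:
        return TECHNICAL
    # RFC 3834: auto-replies carry Auto-Submitted with a value other than "no"
    if (msg.get("Auto-Submitted") or "no").lower() != "no":
        return ABSENCE
    # Exchange out-of-office replies carry this header
    if msg.get("X-Auto-Response-Suppress"):
        return ABSENCE
    # Legacy convention used by some autoresponders
    if (msg.get("Precedence") or "").lower() == "auto_reply":
        return ABSENCE
    return ACTUAL


def classify_raw(raw: str) -> str:
    """Parse a raw RFC 5322 message and classify it."""
    return classify_reply(message_from_string(raw))


def aggregate(raw_messages: list[str]) -> dict[str, int]:
    """Count replies per category. Only the category is retained, not who
    replied, which is what makes the report to the employer anonymous."""
    counts = Counter({TECHNICAL: 0, ABSENCE: 0, ACTUAL: 0})
    for raw in raw_messages:
        counts[classify_raw(raw)] += 1
    return dict(counts)


# Constructed sample replies (addresses are placeholders, not real mailboxes)
SAMPLE_REPLIES = [
    # 1: bounce generated by the recipient's mail server
    "From: MAILER-DAEMON@mail.example.org\nTo: sim@sim.example.net\n"
    'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
    "Subject: Undelivered Mail Returned to Sender\n\n"
    "--b1\nContent-Type: text/plain\n\nmailbox unavailable\n--b1--\n",
    # 2: out-of-office note
    "From: alice@example.org\nTo: sim@sim.example.net\n"
    "Auto-Submitted: auto-replied\nSubject: Automatic reply: Your invoice\n\n"
    "I am out of the office until Monday.\n",
    # 3: a person actually replied
    "From: bob@example.org\nTo: sim@sim.example.net\nSubject: Re: Your invoice\n\n"
    "Which invoice do you mean?\n",
]

if __name__ == "__main__":
    print(aggregate(SAMPLE_REPLIES))
```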

Some of our phishing emails will take you to a specially prepared website where you will be asked for your Windows password, for example. No matter what you enter, this data will, of course, not be stored by us, so you have nothing to worry about. Our server only registers that data has been entered. As part of the evaluation of the phishing simulation, your employer receives information on how many of the input fields were filled during the simulation. It is not possible to trace which employee entered the data; tracing individual behavior is technically excluded. Nevertheless, it is generally recommended that you change your password immediately if you suspect that any input mask has been manipulated.

If your company has guidelines for handling spam and phishing emails, please follow them. Typically, you will contact your IT department, helpdesk, or service representative. They will inform you about the further procedure. If your company uses our SoSafe phishing notification button (button in Microsoft Outlook), all you have to do is click on it in Outlook and the email will be automatically forwarded to the right person/unit, depending on your organization’s settings. You will then receive an immediate response in Outlook as to whether it was one of our phishing emails in the simulation or whether the email first needs to be analyzed by your company’s IT experts. Depending on your organization’s settings, the suspicious email will be deleted from your inbox or you can delete it manually. If you need the email again at a later time, you can contact your IT department, who can help you recover the email if necessary.

In Germany alone, industrial espionage and cyber crime cause annual losses of 5.6 billion euros. In the majority of cases, such attacks start with a phishing mail. In targeted attacks, sometimes half of the recipients of a phishing mail click on phishing links or open dangerous file attachments and thus allow attackers to access sensitive company data or private information. In order to prevent such attacks, it is therefore important to train all employees on the risks and correct handling of phishing emails.

The simulation not only helps you to detect harmful phishing emails in your business inbox and thus to protect yourself and your company from potentially great damage. You can also use the knowledge gained to reduce the risk of cyber attacks for yourself and your family. The tactics shown are often used for phishing attacks on private individuals as well.

Real phishing mail attacks occur at any time, including during working hours. Companies are targeted by cyber criminals, and every year companies and private individuals suffer high financial losses due to phishing and fraud on the Internet. Our phishing simulation is designed in such a way that you will not experience any time-consuming disruptions during your daily work, but will nevertheless receive effective training on how to deal with phishing. In addition, our e-learning platform gives you the opportunity to deepen your knowledge of topics related to IT security in short learning modules. With this knowledge you protect yourself and your company against phishing attacks from the Internet.

If you have any questions regarding the use of IT in your company, please contact your company’s IT department first. If you have any questions about our phishing emails or our e-learning offerings, please feel free to contact our support team.

If you use the e-learning via our web platform, you complete a short quiz at the end of each learning module, which always comprises four questions. Your individual answers in this quiz will not be reported to your employer. Your employer will only receive information about when you registered on our e-learning web platform and how many modules you have already completed and passed. In some cases, the employer does not receive any information about this either, but only sees what the progress of all employees is overall. Please refer to the terms of use displayed when registering for the e-learning for the regulations applicable to your company. If the e-learning is played out via a learning management system (LMS) installed in your company, please ask the relevant department (usually IT or HR) for the data available to your employer.

The topics around IT security are dealt with in greater depth on our online e-learning platform. Access to it is provided by your employer.

Yes, as a registered user on our e-learning platform you can have your personal certificate issued. This allows you to record that you have completed the learning modules and passed the knowledge tests.

Adware (from “advertising” and “software”) is a collective term for programs that are financed via advertisements. It is designed to launch individual ads on the users’ computers and generate income from them. Some types of adware might also include malware or spyware – programs intent on intercepting personal data by redirecting search requests.

An antivirus program (AVP) detects malware by comparing the files on your device with fingerprints and signatures of already known malware and protects your computer and smartphone from an infection with that malware. Your AVP should, therefore, always be up to date to be able to detect signatures of as many malicious programs as possible. Do not postpone your AVP’s updates – there is new malware every day. There are two different ways for your AVP to protect your devices: 1. Ad hoc review – When you download or use a file (e.g. a Word document), the program scans that file for signs of an infection while it is being used. 2. Regular checks – The AVP scans all the files saved on your devices at regular intervals. Even if the AVP has its latest update, it cannot unerringly detect all malware: if the AVP’s provider has not had enough time to analyze newly released malware, the AVP does not ensure full protection. Cybercriminals can even manipulate computers and operating systems using so-called “rootkits” so that the AVP can no longer detect malware.

In IT security, awareness (also known as security awareness or cyber security awareness) describes an individual’s correct and deliberate handling of IT security risks. This includes knowledge about different types of cyber threats and strategies on how to react in case of a real attack. Organizations use training measures (security awareness trainings) to strengthen employees’ security awareness and minimize IT security dangers.

Baiting is a special type of social engineering in which criminals take advantage of their victim’s curiosity. They place digital or physical baits to install malware on the recipients’ systems and intercept sensitive data. Typical examples are infected download links in phishing mails advertising supposedly free offers and deals as well as USB flash drives which are placed in or close to the organization to install malware when connected to a device.

A bot (from “robot”) describes a computer program that usually performs repetitive tasks on its own without depending on any interaction. A botnet is a group of computers that are networked together after they have been infected with malware. These networks, once connected to the Internet, can respond to remote commands from cybercriminals. The network connection and local resources of affected computers are then used by cybercriminals for various purposes without the knowledge of the user. As a result, your own computer can be used unnoticed to send spam, to carry out DDoS attacks or for phishing.

Business email compromise is a cybercrime in which criminals impersonate an organization’s employee and send emails in his or her name. They often include personal data in these mails to manipulate receivers and prompt them to act a certain way. Typically, cybercriminals imitate executives (see CEO fraud) or the finance department so that employees transfer money to the criminals without the victims recognizing the fraud.

A CEO fraud is a type of business email compromise in which cybercriminals impersonate executives and send emails in their name. The combination of deceptively real messages imitating executives and psychological tactics such as social engineering induces employees to act in the attackers’ favor, for instance by transferring large sums of money.

In 2009, the Conficker virus spread in Germany and took control of hospitals, government departments, the German Bundeswehr, small and large organizations alike as well as hundreds of thousands of Internet users. The virus deactivated important security programs and downloaded malware among other things. Back then, Conficker was the largest botnet of all time. While the network did not cause huge damage to the computers themselves, it was responsible for massive economic damage and raised public awareness for trojans, viruses and botnets for the first time.

Cybercriminals attack computers or networks for financial as well as personal or political motives. Organized cybercriminals act highly professionally and cause considerable damage through their attacks.

A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt services by sending numerous requests to one server, one computer or other network components using large botnets. This can lead to a denial of active service if the computer under attack does not have enough resources to process all these incoming requests.

Domain hijacking describes the illegal takeover of a domain, its content or user accounts. In the case of such an attack, cybercriminals, for example, change the registration data of the hijacked site to place malware on the original domain and intercept user data by faking login masks to use the information for further phishing attacks. In many cases, hackers use social engineering to collect data about the domain holder and have the domain changed by the registrar.

The General Data Protection Regulation (GDPR) took effect in May 2018. It regulates how organizations should handle personal customer data. It applies for organizations based in the EU as well as organizations merely operating in the EU. The guidelines deal with the processing and storage of individual data and cover extensive duties of documentation. Organizations that do not follow the defined security standards must expect severe penalties.

E-learning (also known as electronic learning or online learning) describes a learning process using electronic technologies. In organizations, the term usually refers to trainings to be completed on the Internet or with the help of mobile applications. Employees can access the learning contents online and are able to complete the tasks autonomously and from any location.

Emotet is a malware that spreads mainly via spam mails. It downloads additional malware on already infected systems in order to initiate further attacks. It was first discovered in 2014 and ever since new versions have caused considerable disruption. Emotet is especially known for crawling existing email attachments and using social engineering tactics. This makes the infected emails look even more realistic and thereby attack individuals more precisely.

File sharing is the process of distributing files via the Internet. More specifically, the term often refers to the exchange of illegal copies of purchased software or media such as music and movies. Special programs such as so-called peer-to-peer or P2P networks are often used for this purpose.

A firewall (also known as a security gateway) is a security barrier set up between a computer system and a network. It monitors incoming and outgoing network traffic in both directions to prevent outsiders or malicious programs from gaining access or causing damage. Based on this information and on individual settings, the firewall either grants access to the system and the network or restricts it. It thereby protects the system from cyber threats. Experts recommend a combination of antivirus programs and employee training for awareness building, because a firewall alone does not guarantee comprehensive protection.

Grayware refers to potentially risky software which can neither be categorized as pure malware nor as conventional software – this gray zone gives it its name. Most of the time, it does not cause any damage apart from displaying annoying and undesirable contents such as adverts or pop-ups (adware) or spying on users’ online behavior (spyware). Grayware poses a security risk when it impedes the system’s efficiency.

Hackers are computer experts with a high technical understanding and interest in creating and modifying programs. The term often refers to cybercriminals with bad intentions, so-called “black hats”. But it can also describe “white hats” or “ethical hackers” who use their knowledge to make networks and programs more secure.

Hacktivists are a group of cybercriminals who attack computer systems for political or social reasons. They want to draw attention to social wrongs or controversial topics by disrupting services, e.g., disfiguring websites or publishing corporate information. Consequently, they often attack governments, as was the case with the attack on the German government, the so-called “Bundeshack”. Hacktivists also morally challenge the work of multinational corporations who they attack regularly.

The Internet of Things (IoT) refers to systems of smart devices, i.e. “intelligent” objects that communicate with each other via the Internet. This enables the devices to be controlled by people via the internet without them needing physical access to the device. Smart devices can often also perform fully automated tasks without the need for additional instructions.

The International Organization for Standardization’s norm ISO/IEC 27001:2013, or just ISO 27001, provides recommendations on how IT security can and should be ensured in companies. Companies can be ISO 27001 certified if they comply with the corresponding security standards in relation to their information security management system. In doing so, they also comply with all required guidelines and laws, such as the EU GDPR.

JavaScript is a scripting language used in the dynamic development of websites to increase and enhance the design possibilities of HTML and CSS. It enables developers to add interactive content such as buttons or animations. The web browser, not the server itself, interprets and processes the object-based programming language.

Critical infrastructure comprises systems and organizations crucial for maintaining societal functions. Their disruption or breakdown would have considerable consequences for the community, e.g. bottlenecks in supply or threats to public security. Transport, energy, water, information technology, finance and the healthcare sector are examples of critical infrastructure in Germany.

The word malware is composed of the English “malicious” or Latin “malus” (meaning bad) and software. Malware is a collective term for a whole range of harmful software designed to perform unwanted and usually harmful actions. Prominent examples of malware are viruses, worms and Trojans.

Identity theft is a special type of a cyberattack in which fraudsters act under false identities using somebody else’s name or a pseudonym and then create new accounts in the victim’s name.

The word phishing is derived from the English word “fishing”. It is an attempt to illegally “fish” for users’ personal data and use it for criminal purposes. Cyber criminals use fake emails, websites, or phone calls to obtain data. If the victim does not recognize the manipulation, access data, passwords and credit card numbers can unknowingly fall into unauthorized hands.

In a phishing simulation (also known as a phishing test), emails that are very similar in structure and function to a real phishing email are sent to users. The aim is to train users on how to deal with real phishing emails in order to increase their awareness level and to be able to recognize them better in the future. Phishing simulations are generally harmless.

Ransomware is a special type of malware that restricts systems partly or completely by encrypting stored data. Victims cannot access their systems unless they pay the required ransom.

The term social engineering describes the emotional manipulation of people to induce certain behaviors. Social manipulation is often used to elicit confidential information, encourage the purchase of a particular product, or extort the release of funds. The tactic is increasingly used by cybercriminals for sophisticated attacks on users.

Social hacking is a special type of social engineering. It involves manipulating, influencing, or deceiving people in such a way that cybercriminals gain control over users’ computer systems. The aim is to gain illegal access to users’ data or the organization they work for. In social hacking attacks, hackers usually contact their victims via email and private messages on social networks or call them.

Spam or junk mails are mass emails that include commercial adverts or even harassment and which are sent without the receivers’ consent.

In contrast to classic phishing where cybercriminals send emails to large numbers of inboxes, spear phishing focuses on and targets specific victims. In such cases, cyber criminals send deceptively real phishing mails, which include insider knowledge collected beforehand, with the view to obtaining confidential data or trigger certain behaviors.

Trojans are a type of malware posing as a useful application while performing malicious activities on the users’ devices without their knowledge. Once installed, the trojan can infect the user’s computer with other malware and spy on sensitive data. The term trojan refers to the Trojan Horse from Greek mythology.

Vishing is the abbreviation for voice phishing and refers to a form of telephone fraud in which the victim is tricked into giving out personal data over the phone. Often, the criminals catch the victim off guard by pretending to be an employee of a bank or software company, and persuade the victim to take ill-considered actions, such as transferring money.

A computer virus is a classic type of malware – a harmful computer program that replicates itself. It cannot exist on its own as it depends on a host, e.g., a document or program, and can only spread through it. Viruses can cause damage to operating systems as well as to software and hardware and often lead to a loss of data on the affected device.

Voice over IP is a technology for voice transmission. In contrast to conventional telephony, the call is divided into data packets. The converted audio signal is transmitted via the Internet using the Internet Protocol (IP), the same protocol used for browsing the web.

Virtual private network (VPN) software creates an encrypted “tunnel” for data into organizations’ networks.

In information technology, a whitelist is a positive list or a list of exceptions. It might include trustworthy persons, organizations, applications, websites or other elements. An element included in the whitelist is approved to be used in other processes. Whitelisting is important for phishing simulations to circumvent mail filters and thus ensure the delivery of simulated phishing mails.

Worms are a type of malware that spread via computer networks or removable devices such as USB flash drives. The term “worm” refers to real worms “crawling” into the farthest corners of the computer. Once the infected program is started, the worm replicates itself and spreads copies via all available communication channels.