Phishing attack simulations

 

General description

 

In 2020, a phishing simulator was added to Kaspersky ASAP to check the level of employee information security awareness at any time. The simulator includes phishing emails of various types that test specific practical skills.

The emails assess a wide variety of skills, including how to:

  • spot phishing emails based on grammatical, semantic and stylistic features
  • spot phishing emails based on context and manipulative language
  • avoid emailing your passwords
  • never fill out forms included in emails
  • check the real URLs of links before clicking them
  • recognize fake URLs based on typos in domain names, incorrect placement in 1st level domain zones, etc.
  • never click links that are just numbers
  • spot dangerous email attachments

and more.

 

My role developing the simulator

 

I created, wrote and formatted over 50 emails for the simulator, and also edited all the emails written by other team members.

I also created a number of other phishing emails specially ordered by clients.

 

Email examples

 

Fake email from Microsoft (the expiration of the OneDrive disk).

Fake email about Flash Player update.

Fake corporate email with a new evacuation plan.

Fake email specially requested by a client regarding the Ministry of Defense and Aviation of Saudi Arabia (about a potential conflict with a neighboring country and the need to visit your local recruiting office):