A simple enterprise internal phishing email drill

Posted by ultranet on Mon, 17 Jan 2022 08:07:57 +0100

1, Exercise purpose

Among the enterprise security threats, the threat from network e-mail has been growing in recent years, because e-mail has become an indispensable part of daily life. Office information notification and communication scheme retention need to be delivered by e-mail. If there is no security awareness related to e-mail, it may be phished, social workers, or even planted Trojans, which is a great security risk for enterprises. Therefore, this time, by imitating a real fishing incident, we conducted safety awareness training to tell employees how to identify and judge whether it is a phishing email in the future, so as to increase the safety awareness of the staff.
In order to better understand the maturity of the company's security awareness, verify the publicity and implementation effect of preventing phishing email in the early stage, improve the security awareness of all staff through simulation training and reduce the risk of information leakage of the company.

2, Drill steps

Phishing mail template (for reference)

All departments and staff:
hello everyone!
Recently, new cases of COVID-19 pneumonia have been confirmed in Yunnan and other regions. In order to strengthen the epidemic prevention and control results, the company emphasizes the epidemic prevention and control requirements again as follows:
1, Employees in all regions should actively pay attention to local vaccination policies, improve epidemic prevention and control awareness, and actively carry out new crown vaccination.
The novel coronavirus pneumonia novel coronavirus vaccine is a novel coronavirus pneumonia epidemic prevention and control system. It is necessary to ensure that the new population is immune to the economic and social order, and quickly form the immune barrier of the population, effectively prevent the spread of the new crown pneumonia virus and ensure the health and safety of our employees. According to the overall plan of the Organizing Committee for the prevention and control of vaccination and the leading group of the epidemic prevention and control work, we will re evaluate the new crown vaccination situation of our staff. Please fill in the following questionnaire or the questionnaire in the annex as required.
2, Questionnaire
Please complete the questionnaire before leaving work on the afternoon of xx, 2021. Thank you for your cooperation.
Please fill in the questionnaire here (malicious link address, click to jump to the malicious page)
XXXX Human Resources Department
July xx, 2021

Overall thinking

1. The form embedded in the front page is responsible for submitting personal information;
2. The back end uses the flash framework to receive and process data;
3. It is necessary to locate the employees who click the link and submit data respectively, and make records for the employees to report and receive phishing emails;

Jump page production (front page)

A form can be made through simple front-end code for employees to fill in information (this page can be modified from the company's system, which is more realistic).

The key codes are as follows:

<form action="http://vps address: Flash port / submit route "method =" post "> < input name =" name "placeholder =" name "required =" required "type =" text "style =" width: 100px; height:45px"/><input name="staff_ ID "placeholder =" job No. "required =" required "type =" text "style =" width: 100px; Height: 45px "/ > < input name =" status "placeholder =" whether inoculated "required =" required "type =" text "style =" width: 100px; Height: 45px "/ > < button class =" but "type =" submit "> submit < / button > < / form >

Page creation after data submission

This time, we use a simple page, submit HTML, as shown below:

Background data receiving and processing

from flask import Flask,jsonify,render_template,request
import json
import pymysql

app = Flask(__name__)#Instantiate app object
 #The data submitted by the employee is written to the database
def mysql(name,staff_id,status):
    db = pymysql.connect(host = "x.x.x.x",port = xxx,user = "xxx",passwd = "xxx",db = 'xxx', charset='utf8' )
    cursor = db.cursor()
    command = "insert into Library name.Table name (name, staff_id, status) values(%s, %s, %s);"
    values = (name,staff_id,status)
    cursor.execute(command,values)
    db.commit()
    cursor.close()
    db.close()

#The '/' URL is bound to the submit() function. When opening the home page of the web server, the output of the function will be rendered
flask Class run()Method runs the application on the local development server, that is, the above method submit.html page
@app.route('/submit', methods=['POST'])
def submit():
    if request.method == 'POST':
        name = request.form.get('name')
        staff_id = request.form.get('staff_id')
        status = request.form.get('status')
        print(name,staff_id,status)
        s = mysql(name,staff_id,status)
    with open("submit.html","r",encoding = "utf-8") as f:
        submit_html = f.read()
    return submit_html

if __name__ == '__main__':
# run_simple(host, port, self, **options)
    app.run(host = '0.0.0.0',port = "xxx",debug=True)

Bulk mail sending in python

# coding:utf-8
import xlrd
import xlwt
import os
import smtplib #smtp server 
from email.mime.text import MIMEText #Message text
from email.header import Header
 
#Get mailbox
workBook = xlrd.open_workbook(r"Mailbox table path")
allSheetNames = workBook.sheet_names()
target_Sheet = workBook.sheet_names()[x]
target_Sheet_content = workBook.sheet_by_name(f"{target_Sheet}")
rows = target_Sheet_content.nrows
#cols = target_Sheet_content.ncols
print(f"sheet The name of the table is:{target_Sheet}\nsheet Total mailboxes:{rows}")
for i in range(0,rows):
    person_Email = target_Sheet_content.cell(i,0).value
    #Mail build
    subject = "[[epidemic prevention and control] update statistics on the vaccination of Xinguan in the third quarter"#Mail title
    sender = "Sender mailbox"#Sender
    password = "Sender's email authorization code"
    recver = person_Email#Receiver
    content = f"""<html>
    <html>
    <head>
        <title></title>
    </head>
    <body>
    <div style="line-height: 1.7; color: rgb(0, 0, 0);">
    <p style="text-align:start; text-indent:0px; -webkit-text-stroke-width:0px; margin-top:6px; margin-bottom:6px"><span style="font-size:16px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="color:#000000"><span style="font-style:normal"><span style="font-variant-ligatures:normal"><span style="font-variant-caps:normal"><span style="font-weight:400"><span style="letter-spacing:normal"><span style="orphans:2"><span style="text-transform:none"><span style="white-space:normal"><span style="widows:2"><span style="word-spacing:0px"><span style=" text-decoration-thickness:initial"><span style="text-decoration-style:initial"><span style="text-decoration-color:initial"><span style="font-family:sans-serif"><span style="line-height:24px"><strong style="-webkit-user-drag:none; - WebKit app region: no drag "> < span style =" font size: 14.5pt "> < span style =" WebKit user drag: None "> < span style =" WebKit app region: no drag "> < span style =" line height: 29px "> < span style =" font family: imitation song "> departments and all employees: < / span > < / span > < / span > < / span > < / span > < / strong > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span</p>
    
    <div style="text-align:start; -webkit-text-stroke-width:0px; text-indent:29pt; margin-top:6px; margin-bottom:6px"><span style="font-size:16px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="color:#000000"><span style="font-style:normal"><span style="font-variant-ligatures:normal"><span style="font-variant-caps:normal"><span style="font-weight:400"><span style="letter-spacing:normal"><span style="orphans:2"><span style="text-transform:none"><span style="white-space:normal"><span style="widows:2"><span style="word-spacing:0px"><span style=" text-decoration-thickness:initial"><span style="text-decoration-style:initial"><span style="text-decoration-color:initial"><span style="font-family:sans-serif"><span style="line-height:24px"><strong style="-webkit-user-drag:none; - WebKit app region: no drag "> < span style =" font size: 14.5pt "> < span style =" WebKit user drag: None "> < span style =" WebKit app region: no drag "> < span style =" line height: 29px "> < span style =" font family: imitation song "> < span style =" font weight: normal "> Hello, everyone! < / span > < / span > < / span > < / span > < / span > < / strong > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / div >
    
    <div style="text-align:start; -webkit-text-stroke-width:0px; text-indent:29pt; margin-top:6px; margin-bottom:6px"><span style="font-size:16px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="color:#000000"><span style="font-style:normal"><span style="font-variant-ligatures:normal"><span style="font-variant-caps:normal"><span style="font-weight:400"><span style="letter-spacing:normal"><span style="orphans:2"><span style="text-transform:none"><span style="white-space:normal"><span style="widows:2"><span style="word-spacing:0px"><span style=" text-decoration-thickness:initial"><span style="text-decoration-style:initial"><span style="text-decoration-color:initial"><span style="font-family:sans-serif"><span style="line-height:24px"><strong style="-webkit-user-drag:none; - WebKit app region: no drag "> < span style =" font size: 14.5pt "> < span style =" WebKit user drag: None "> < span style =" WebKit app region: no drag "> < span style =" line height: 29px "> < span style =" font family: imitation song "> < span style =" font weight: normal Recently, Yunnan and other regions continued to appear in the newly diagnosed cases of COVID-19 pneumonia. As the flow of personnel in summer increased, to strengthen the epidemic prevention and control results, the company again emphasized the epidemic prevention and control requirements as follows: </span></span></span></span></span></span></strong></ span></span></span></span></span></span></span></span></span></span></span></span></span></span> </span></span></span></span></span></div>
    
    <div style="text-align:start; -webkit-text-stroke-width:0px; text-indent:29pt; margin-top:6px; margin-bottom:6px">
    <p style="text-indent:27.75pt; margin-top:6px; margin-bottom:6px"><span style="font-size:16px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="color:#000000"><span style="font-style:normal"><span style="font-variant-ligatures:normal"><span style="font-variant-caps:normal"><span style="font-weight:400"><span style="letter-spacing:normal"><span style="orphans:2"><span style="text-transform:none"><span style="white-space:normal"><span style="widows:2"><span style="word-spacing:0px"><span style=" text-decoration-thickness:initial"><span style="text-decoration-style:initial"><span style="text-decoration-color:initial"><span style="font-family:sans-serif"><span style="line-height:24px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="line-height:24px"><strong style="-webkit-user-drag:none; - WebKit app region: no drag "> < span style =" font size: 14.5pt "> < span style =" WebKit user drag: None "> < span style =" WebKit app region: no drag "> < span style =" line height: 29px "> < span style =" font family: imitation song "> I. employees in all regions should actively pay attention to local vaccination policies, improve awareness of epidemic prevention and control, and actively carry out new crown vaccination. < / span > < / span > < / span > < / strong > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span</p>
    
    <p style="text-indent:27.75pt; margin-top:6px; margin-bottom:6px"><span style="font-size:16px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="color:#000000"><span style="font-style:normal"><span style="font-variant-ligatures:normal"><span style="font-variant-caps:normal"><span style="font-weight:400"><span style="letter-spacing:normal"><span style="orphans:2"><span style="text-transform:none"><span style="white-space:normal"><span style="widows:2"><span style="word-spacing:0px"><span style="text-decoration-thickness:initial"><span style="text-decoration-style:initial"><span style="text-decoration-color:initial"><span style="font-family:sans-serif"><span style="line-height:24px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="line-height:24px"><span style="border:1pt none windowtext; font-size:14.5pt; padding:0cm"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="line-height:29px"><span style="font-family:Imitation Song Dynasty">The novel coronavirus pneumonia novel coronavirus pneumonia prevention and control system is to prevent and control the economic and social order, to form a crowd immune barrier quickly, effectively prevent the spread of the new crown pneumonia virus, and ensure the health and safety of our employees.</span></span></span></span></span><span style="border:1pt none windowtext; font-size:14.5pt; padding:0cm"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="line-height:29px"><span style="font-family:Imitation Song Dynasty">plan,</span></span></span></span></span><span style="border:1pt none windowtext; font-size:14.5pt; padding:0cm"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="line-height:29px"><span style="font-family:Imitation Song Dynasty"><span style="background-color:#Ffff00 "> now the vaccination status of the new crown vaccine of our employees is counted again. Please fill in the vaccination status in the following questionnaire as required. < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span ></p>
    
    <p style="text-indent:27.75pt; margin-top:6px; margin-bottom:6px"><span style="font-size:16px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="color:#000000"><span style="font-style:normal"><span style="font-variant-ligatures:normal"><span style="font-variant-caps:normal"><span style="font-weight:400"><span style="letter-spacing:normal"><span style="orphans:2"><span style="text-transform:none"><span style="white-space:normal"><span style="widows:2"><span style="word-spacing:0px"><span style=" text-decoration-thickness:initial"><span style="text-decoration-style:initial"><span style="text-decoration-color:initial"><span style="font-family:sans-serif"><span style="line-height:24px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="line-height:24px"><strong style="-webkit-user-drag:none; - WebKit app region: no drag "> < span style =" font size: 14.5pt "> < span style =" WebKit user drag: None "> < span style =" WebKit app region: no drag "> < span style =" line height: 29px "> < span style =" font family: imitation song "> II. Questionnaire < / span > < / span > < / span > < / span > < / span > < / strong > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span ></p>
    
    <p style="text-indent:27.75pt; margin-top:6px; margin-bottom:6px"><span style="font-size:16px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="color:#000000"><span style="font-style:normal"><span style="font-variant-ligatures:normal"><span style="font-variant-caps:normal"><span style="font-weight:400"><span style="letter-spacing:normal"><span style="orphans:2"><span style="text-transform:none"><span style="white-space:normal"><span style="widows:2"><span style="word-spacing:0px"><span style="text-decoration-thickness:initial"><span style="text-decoration-style:initial"><span style="text-decoration-color:initial"><span style="font-family:sans-serif"><span style="line-height:24px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="line-height:24px"><span style="border:1pt none windowtext; font-size:14.5pt; padding:0cm"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="line-height:29px"><span style="font-family:Imitation Song Dynasty">Please</span></span></span></span></span><span style="border:1pt none windowtext; font-size:14.5pt; padding:0cm"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="line-height:29px"><span style="font-family:Imitation Song Dynasty"><span style="background-color:#Fff566 "> in the afternoon of x, 2021, < / span > < / span > < / span > < / span > < / span > < / span > < span style =" border: 1pt none windowtext; font-size:14.5pt;  Padding: 0cm "> < span style =" - WebKit user drag: None "> < span style =" - WebKit app region: no drag "> < span style =" line height: 29px "> < span style =" font family: imitation song "> complete the questionnaire, thank you for your cooperation. < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span ></p>
    
    <div style="background:#eeeeee;border:1px solid #cccccc;padding:5px 10px;"><a href="http://vps ip: port? Email Department No. = {person_email} "> < span style =" font size: 16px "> < span style =" WebKit user drag: None "> < span style =" WebKit app region: no drag "> < span style =" color: #000000 "> < span style =" font style: normal "> < span style =" font variant caps: normal "> < span style =" font weight: 400 "> < span style =" letter spacing: normal "><span style="orphans:2"><span style="text-transform:none"><span style="white-space:normal"><span style="widows:2"><span style="word-spacing:0px"><span style="text-decoration-thickness:initial"><span style="text-decoration-style:initial"><span style="text-decoration-color:initial"><span style="font-family:sans-serif"><span style="line-height:24px "><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="line-height:24px"><span style="border:1pt none windowtext;  font-size:14.5pt;  Padding: 0cm "> < span style =" WebKit user drag: None "> < span style =" WebKit app region: no drag "> < span style =" line height: 29px "> < span style =" font family: imitation song "> < span style =" color: #ff0000 "> < B style =" WebKit user drag: none- WebKit app region: no drag "> please fill in the questionnaire here < / b > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / a > < / div >
    </div>
    
    <div style="text-align:start; -webkit-text-stroke-width:0px; text-indent:29pt; margin-top:6px; margin-bottom:6px">&nbsp;</div>
    
    <div style="text-align:start; -webkit-text-stroke-width:0px; text-indent:29pt; margin-top:6px; margin-bottom:6px">&nbsp;</div>
    
    <div style="text-align:start; -webkit-text-stroke-width:0px; text-indent:27.75pt; margin-top:6px; margin-bottom:6px">&nbsp;</div>
    
    <div style="text-align:start; -webkit-text-stroke-width:0px; text-indent:27.75pt; margin-top:6px; margin-bottom:6px">
    <p align="right" style="text-indent:0px; text-align:right; margin-top:6px; margin-bottom:6px"><span style="font-size:16px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="color:#000000"><span style="font-style:normal"><span style="font-variant-ligatures:normal"><span style="font-variant-caps:normal"><span style="font-weight:400"><span style="letter-spacing:normal"><span style="orphans:2"><span style="text-transform:none"><span style="white-space:normal"><span style="widows:2"><span style="word-spacing:0px"><span style="text-decoration-thickness:initial"><span style="text-decoration-style:initial"><span style="text-decoration-color:initial"><span style="font-family:sans-serif"><span style="line-height:24px"><span style="font-size:14px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="color:#000000"><span style="font-family:Helvetica, " Microsoft Yahei",  verdana"><span style="border:1pt none windowtext;  font-size:14.5pt;  padding:0cm"><span style="font-size:14.5pt"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="background-image:initial"><span style="background-position:initial"><span style="background-size:initial"><span style="background-repeat:initial"><span style="background-attachment:initial"><span style=" Background origin: initial "> < span style =" background clip: initial "> < span style =" line height: 29px "> < span style =" font family: imitation song "> XXXX human resources department < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span</p>
    
    <p align="right" style="text-indent:0px; text-align:right; margin-top:6px; margin-bottom:6px"><span style="font-size:16px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="color:#000000"><span style="font-style:normal"><span style="font-variant-ligatures:normal"><span style="font-variant-caps:normal"><span style="font-weight:400"><span style="letter-spacing:normal"><span style="orphans:2"><span style="text-transform:none"><span style="white-space:normal"><span style="widows:2"><span style="word-spacing:0px"><span style="text-decoration-thickness:initial"><span style="text-decoration-style:initial"><span style="text-decoration-color:initial"><span style="font-family:sans-serif"><span style="line-height:24px"><span style="font-size:14px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="color:#000000"><span style="font-family:Helvetica, " Microsoft Yahei",  verdana"><span style="border:1pt none windowtext;  font-size:14.5pt;  padding:0cm"><span style="font-size:14.5pt"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="background-image:initial"><span style="background-position:initial"><span style="background-size:initial"><span style="background-repeat:initial"><span style="background-attachment:initial"><span style=" Background origin: initial "> < span style =" background clip: initial "> < span style =" line height: 29px "> < span style =" font family: imitation song "> xx, xx, 2021 < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span > < / span</p>
    
    <p style="text-indent:0px"><span style="font-size:16px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="color:#000000"><span style="font-style:normal"><span style="font-variant-ligatures:normal"><span style="font-variant-caps:normal"><span style="font-weight:400"><span style="letter-spacing:normal"><span style="orphans:2"><span style="text-transform:none"><span style="white-space:normal"><span style="widows:2"><span style="word-spacing:0px"><span style="text-decoration-thickness:initial"><span style="text-decoration-style:initial"><span style="text-decoration-color:initial"><span style="font-family:sans-serif"><span style="line-height:24px"><span style="font-size:14px"><span style="-webkit-user-drag:none"><span style="-webkit-app-region:no-drag"><span style="color:#000000"><span style="font-family:Arial">&nbsp;</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></p>
    </div>
    </div>
    
    </body>
    </html>
    """
    
    message = MIMEText(content,"html","utf-8")
    #Content send content "plain" text format utf-8 encoding format
    message['Subject'] = subject #Mail title
    message['To'] = recver #addressee
    message['From'] = "xxxx Human Resources Department<Sender mailbox>" #Sender
    #Instantiate the smtp server. I use the 163 mailbox
    smtp = smtplib.SMTP_SSL("smtp.163.com",994)
    #Sender login
    smtp.login(sender,password)
    #as_string encapsulates the message of message
    smtp.sendmail(sender,recver,message.as_string())
    print(f"The first{i+1}Email:{person_Email}Send complete!")
    smtp.close()

The above code contains < a href=“ http://vps IP: port? Email = department number {person_email} ">. Use url to splice email accounts to count whether to click the link (which can be viewed in the web access log). The department number is convenient for subsequent data statistics and summary.

After the user enters and submits the data, it will be written directly to the database, which can locate the individual employee.

Unified script

After initiating the phishing email test, we will receive the report from the employee. We need to unify the script to avoid revealing the stuffing in advance. For example: "thank you for your feedback. Let's first confirm whether the email is a phishing email. Please don't do anything before confirmation. We will notify you immediately after confirmation. Thank you."

Tracking and statistics

According to the test results of phishing mail, relevant information needs to be collected by department.

Conduct training

Repeat the fishing email drill, display the data in the previous step, and train employees on information security awareness. This paper introduces the common types of phishing emails, how to prevent them, and the ways to report after receiving phishing emails.

repeat

Regularly carry out phishing email test to avoid employees lowering their vigilance after a long time. For new employees, they may lack relevant information security awareness training, and improve information security awareness through real exercises. Keep up with the popular phishing email attack method, and compare it with the previous test after each test to check whether the unsafe behavior of employees has been improved. Summarize the shortcomings and areas for improvement each time to avoid the same problems in the next test.

First response personnel and contact information of safety problems and incidents

In order to respond to safety incidents in a more effective and timely manner, the first responder and department head of safety incidents are identified. The details are as follows:
Contact: Zhang San
Tel.: 11111111

3, Exercise deficiencies

1. Third party mailbox restrictions. The email server blocks ip and email accounts. There are restrictions on sending email every day. It can not be sent at the same time. Messages between departments are synchronized. Subsequent departments should be vigilant when they know the message. Private mail server can be built.
2. If the sending template is single, different types of emails shall be sent according to the work characteristics of different departments;
3. In case of random input, the names of personnel of the whole company can be collected, and the front-end fuzzy matching selection can be used to avoid random input; Or write down the name and job number, and leave the selection box for selection;
4. The sender's email can be easily identified. You can buy a similar domain name of the company to make the phishing email more realistic;

Programmer Think

A simple enterprise internal phishing email drill

1, Exercise purpose

2, Drill steps

3, Exercise deficiencies

Hot Topics