Module 1: Recon
Module 3: Automating Your Emails
Module 5: Course Assessment
Welcome to Cybrary’s phishing course. This course is intended for people of all skill levels, with no prior knowledge or experience needed. In this phishing training course, you will learn the basics of phishing, how and why phishing continues to work, how to craft the perfect phishing email and what you can do to defend against these increasingly clever social engineering attempts. Social engineering attacks are still the number one method of entry into an organization's network and systems by both penetration testers (ethical hackers) and adversaries.
Phishing attacks are just one way that a social engineering attack can be performed, and are designed to take advantage of the human element in cybersecurity.
Cybrary’s phishing course is an introductory course into phishing attacks and is intended for anyone in the cybersecurity field, including red and blue team members, and end users. In this course you will learn the basics behind phishing, why it works and what you can do to defend against it.
This course is designed to help the red team craft the perfect phishing email, that guarantees click through and increases chances of getting into the network on your first attempt. After learning how these types of attacks work, blue team members will also be able to educate their users and lower the success rate of these types of attacks on their network.
Social Engineers continue to use phishing to attack network because it is guaranteed to work. According to the 2018 Verizon DBIR report, “Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.”
What is Involved in this Online Phishing Training Course?
In this online phishing training, you will learn to use phishing to test and educate your organization’s employees about phishing schemes and how to avoid them. The objectives you will cover in this class include learning the basics of phishing, how and why it works, how to craft the perfect phishing email, and how you can protect your organization and its employees against such cyberattacks.
This course is ideal for IT professionals who are responsible for training network users how to be safe and vigilant against cyber criminals for the protection of the organizations they work for. The course is a total of one hour, thirty minutes of clock time, and you will receive a Certificate of Completion upon finishing the training.
What’s the Purpose of a Phishing Scheme?
Phishing attacks are commonly used by adversaries, utilizing email (or sometimes text or phone) to gain access to an organization’s network. The victims are messaged by someone pretending to be a trusted entity, often using the name of a real person, or company with which the victim does business. The attacker lures individuals into providing personal and financial information such as social security numbers, account numbers, credit card account details, passwords, and other sensitive data. This often results in identity theft and monetary loss. Adversaries may also trick the victim into wiring large sums of money for fake invoices.
Phishing attacks have increased over the years and it remains the number one attack vector for adversaries.
Why Does Phishing Work?
At the heart of phishing is the use of social engineering. Social engineering relating to information security is defined as using deception to manipulate someone into providing sensitive personal data that can be used fraudulently. The key to successful social engineering is the manipulation. Phishing works because people are presented with scams and attacks that look legitimate and instill trust, often because the entity that it is supposedly from is a real organization that the target does business with.
How Do You Prevent Phishing?
The best way to prevent your employees from falling victim to phishing scams is through anti-phishing training along with simulated phishing that prompts targeted follow-up education.
Simulated social engineering and phishing is one way that you can assess your team’s knowledge and susceptibility to these types of malicious cyberattacks. By creating phishing exploits that look like actual malicious threats and learning which employees become victims by clicking a link in the email, you will be able to educate those employees so they can differentiate between phishing emails and legitimate ones.
How Does Phishing Your Employees to Improve Security Work?
Deploying a phishing simulation against the users in your organization may seem like a process in which you are trying to “catch” someone doing something wrong (to the employees, at least), but it’s really the most effective way to know what your organization’s phishing-related vulnerabilities are and a way to educate your employees about this type of attack.
You can hire third-party organizations to perform phishing tests on the users at your company, however, with Cybrary’s course on phishing, you will easily be able to do this for your own organization.
Certificate of Completion
Complete this entire course to earn a Phishing Certificate of Completion