AI-generated phishing simulations are a game changer for MSPs

Tuesday, July 11, 2023

 


As part of most security awareness training programs, end users are sent phishing simulations. These messages are intended to simulate real phishing attacks and often include common signs of phishing, such as urgent subject lines about losing account access or buying gift cards, spelling errors, off-putting greetings (hello, user), and headers from commonly spoofed brands like Microsoft, QuickBooks or PayPal.


The problem with most phishing simulations.

Simulated attacks are intended to train end users to recognize the basic signs of phishing and to be cautious about opening, clicking or downloading content from a message. Many compliance requirements even include simulated phishing attacks as a part of a security awareness training program — but there aren’t many requirements around how the simulations are created or around the importance of making the simulated attacks realistic or challenging to detect.

With HacWare, the phishing simulations your client’s users receive are created using our patent-pending generative AI tool. This means that the phishing simulations received by end users are automatically generated and built using AI, and are based on real emails and attacks landing in user inboxes.

In addition to sending unique, dynamic messages, HacWare varies the simulation send-day and time. In contrast to security awareness training vendors that send the same phishing simulation to all end users at one time, our targeted vulnerability scanner monitors end users’ activity and distractedness throughout the given time frame and targets users with simulated attacks when they’re most susceptible.

This targeted approach, supported by our AI, prepares users to recognize and respond to attacks even when they’re distracted or busy. More than 52% of workers say that stress causes them to make more mistakes. And with nearly half of tech workers admitting to accidentally clicking on a phishing email at work, we target distracted times to train users to avoid these potentially costly errors.


Educated users can spot obvious attacks.

When your MSP is serving tech-savvy groups, or implementing security awareness training for your own organization, users may be very tech-minded and comfortable spotting the common signs of an attack. At HacWare, we give your MSP the ability to manage the difficulty of the simulated attacks your client’s teams are sent. By default, the system starts with the hardest-to-detect attacks and monitors each user’s pass/fail rate to determine the difficulty level of their next send.  


Some phishing attacks slip through email filters

In 2019, Bleeping Computer reported that 25% of phishing emails were able to bypass Office 365’s default security tools. While your clients may have more than just the basic tools in place, we know that some attacks will always slip through the cracks — hybrid phishing and business email compromise (BEC) attacks often avoid using malicious links or downloads for this exact reason.


You can fight back with direct email injection simulations

BEC attacks increased by 175% from 2021 to 2023, and make up a third of total financial gains for cybercriminals as reported to the FBI. HacWare’s focus on this type of attack stands up against BEC attackers by training users to be suspicious of all emails and to remain vigilant in their inboxes. Our direct email injection technology intentionally impersonates your client’s team to simulate what a real BEC attack looks and feels like.


Receiving one of these messages can be surprising!

Many of our partners’ clients incorrectly flag these simulated emails as real attacks. In order to avoid this confusion, your MSP can use this guide to identify the signs of a real attack. Your MSP can quickly alleviate your client’s concern and instead celebrate them for correctly identifying a simulation and bringing it to your attention.


How do we simulate BEC attacks while protecting your client’s data?

HacWare is a security-first product and we understand the importance of keeping your data and your clients’ data secure. Our platform uses data encryption and strict cloud security protocols to keep all of the information we receive safe and secure, including the details used in spoofed simulations. We utilize the Microsoft API integration to find the contacts on your client’s teams who receive the most communication and use those contacts in simulated BEC scams sent to other users.


Prepare your clients and users for modern attacks

With HacWare’s AI-generated phishing simulations with direct email injection, you can be confident that your clients are receiving high-quality, realistic phishing simulations that are preparing their end users for real-world situations. Your clients may want to alert their teams that these simulated BEC attacks could appear in their inboxes and note that HacWare’s direct email injection will emulate their coworkers' contact information and slightly modify external contact names in the phishing simulations they receive.

Training your client’s end users to be prepared for all types of attacks, including those that don’t get flagged or that don’t include easy-to-spot signs, will build them into a stronger line of defense than users who are only prepared for basic phishing attempts.

 

Check out HacWare on the ConnectWise Marketplace!