TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

100% Positive

Analyzed from 513 words in the discussion.

Trending Topics

#phishing#learning#shira#create#https#actually#context#simulation#quizzes#feedback

Discussion (7 Comments)Read Original on HackerNews

echoangle•about 19 hours ago
I don’t think that’s how phishing can be prevented. It’s very different to do the quiz compared to actually getting a phishing message pressuring you to do something. People don’t even start questioning it before they act on that.

I think fake phishing messages over the same channel real ones would be in are the way to go.

carohadad•about 4 hours ago
hi!

yes you are totally right that actually getting a phishing message is very different than a learning enviroment, but also we have seen that people don't have the tools to undestand what should raise suspicious (domains, wording, tactics, etc) and that's super dependant of context! For example I'm from Argentina, a phishing case targeting elders in my city might be very different than the ones targeting an investigative journalist (to try to get their info) or a business (to try to get access to their systems). And targeted phishing cases are much easier to create nowadays with ai and all the information avaible online about ourselves, our companies, etc!

Research (and our experience) has shown that the phising simulation (the "fake phising" you describe) is not as effective: https://shira.app/phishing-quizzes

So basically our appoaach was to create the plaforms so that trainers and educators (with our guidance) could create learning experice could create a learning enviroment tailored to the apps, level, context, language of the particular group they are working with.

We launched the platform with a beta program and we received very possitive feedback on learners actually changing behaviour: https://blog.wearehorizontal.org/introducing-shira-2-0-end-t...

We are trying to get even more feedback from the communtity happy to hear if this makes sense to you or any other ideas or comments !! thanks so much for commenting :)

turtleyacht•about 17 hours ago
Maybe the link(s) in the phishing message go to the training site, styled for each client.
carohadad•about 4 hours ago
That's a really cool idea, 100%. Phishing simulation could work together with our learning platform (or any other learning platform) :) thank you for sharing that!
carohadad•about 21 hours ago
hey! our team developed this tool that allows security trainers and teams to develop their own anti-phihing-education trainings based on their own threats, apps, context and language.

would love to get your feedback on it :)

We are also aunching a free-program for 10 orgs on our Enterprise plan --> https://docs.google.com/forms/d/e/1FAIpQLSc5nl1K8IQWuvoR_6PH...

VoidWhisperer•about 20 hours ago
So is the idea for Shira is that it is quizzes and other tools to teach people how not to be phished? Whereas I know some enterprise anti-phishing tooling I've seen lets IT/Security send a 'phishing email', where you are told good job if you report it and it is noted down on your employee record if you do fall for it
carohadad•about 4 hours ago
Hey! super good question, that's exactly the point!

We (and reseach) have found that the "phishing simulation" technique has not been effective. This "IT/Security sending a phishing-email" that you describe is the standard in the industry but it does not foster a space where real education and undestanding about what should be consider suspicious (and why) can occur. We have seen people alerting each other on private channels "be careful with this email, that's the phishing, simulation!". So IT have false data and people are not actually learning much...

Shira allows creating a controlled learning enviroment where people can learn about the phishing tactics and how to detect those in a controlled setting, with tailored explanations adapted to the org language/level/context :)

We wrote about it here: https://shira.app/phishing-quizzes

We launched it with a beta program some months and we have had very good feedback on effectiveness so far!

This is a demo quiz que created, but the idea is that trainers can create their own quizzes with any content and explanations they want https://quiz.shira.app/