A major U.S. healthcare provider significantly reduced their employees' susceptibility to callback phishing attacks after using KnowBe4's callback phishing simulation and training capabilities.
Callback phishing is an insidious social engineering technique where victims receive seemingly harmless emails that trick them into calling a number and unwittingly revealing sensitive information. Unlike typical phishing emails, these attacks use real-time deception over the phone to bypass email security tools.
KnowBe4’s Callback Phishing feature allows admins to run a simulated callback phishing campaign to see if employees would fall for this social engineering trick. An email lands in their inbox, with a phone number and a code. If they dial that number, they’ll be asked for the code. But here's the catch — enter the code, that’s the first failure point, give up personal or sensitive info, that’s a double whammy. These failure points are tracked within the KnowBe4 console just like email-based phishing exercises and help admins pinpoint which users would give up personal or sensitive data to give them additional training.
Targeted Callback Phishing Training Rollout
A segment of employees failed an initial callback phishing simulation with a higher-than-desired Phish-prone™ Percentage (PPP).PPP measures an organization’s employee susceptibility to phishing attacks. A high PPP indicates greater risk, as it points to a higher number of employees who typically fall for these scams. A low PPP is optimal, as it indicates the staff is security‑savvy and understands how to recognize and shut down such attempts.
To address this risk, the organization rolled out specific KnowBe4 training content teaching users about the credential harvesting techniques real scammers use as part of callback phishing. The supplemental training had a 97% completion rate across the target group of 237 users who initially failed the phishing test.
Measurable Risk Reduction
In the three months after the targeted training, the organization saw their employees' susceptibility to real-world callback attacks drop. Following another callback phishing campaign to these same users, the high-risk group's PPP dropped from 7.5% before training down to 5.4% — a 28% reduction in risk.
With KnowBe4's callback phishing capabilities integrated into their security awareness program, the healthcare provider strengthened their human firewall against scammers targeting unwary staff. Smarter security awareness means better risk management.
Want to fortify your workforce against callback phishing? Get a look at KnowBe4's capabilities with a free demo.