Social Engineering Testing is Necessary to Fend off Phishing Attacks


The success of social engineering as part of phishing and spear phishing attacks has caused organizations to realize they need an effective tactic to make employees vigilant.

In a recent interview, Mark Bernard, principal at security consulting firm Secure Knowledge Management, discussed the two reasons why social engineering attacks are successful:

  • Users have the mindset that social engineering attacks will never happen to them. But an attack comes when they least expect it.
  • The use of two-factor authentication has also lulled many organizations into a false sense of security, thinking it can’t be bypassed (it has been).

With users believing, for either reason, that they are impervious to attack, the risk of a successful attack is even higher. So, how can organizations elevate their security posture?

According to Bernard, the answer lies in phishing testing. By continually testing users’ ability to pick up social engineering cues, organizations get users accustomed to scrutinizing emails, so they can spot a real socially engineered phishing email before they become its next victim.

The additional benefit is found in testing the entire organization. That way, everyone from executives to assistants, and anyone in between, has their awareness of the need for secure practices when interacting with email elevated on an ongoing basis. You can read the entire interview over at SC Magazine.

Phishing Security Test

We've got something really cool for you: the new Phishing Security Test v3.0!

Sending simulated phishing emails is a fun and effective cybersecurity best practice to patch your last line of defense… your users.

Find out the Phish-prone percentage of your organization with our free updated Phishing Security Test that now includes our New Industry Benchmarking. See where you stack up! Industry Benchmarking enables you to compare your organization’s Phish-prone percentage with others in your industry.

Find out how you are doing compared to your peers and see the difference 12 months can make after using the integrated KnowBe4 Simulated Phishing and Security Awareness Training platform!

With Our Updated Phishing Security Test:

  • You can customize the phishing test based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry


The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Start phishing your users now. Fill out the form, and get started immediately. There is no cost.

Get Your Free PST Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:
