A new South African-developed service called Phish5 allows companies to target their own employees to assess their susceptibility to phishing attacks — before someone else does.

Phishing attacks try to get people to reveal login credentials or other sensitive personal data.

Phish5 was developed by Thinkst, an information security and custom software development company headed by founder Haroon Meer, and came about when one of its clients found that traditional security methods were doing little to stem the tide of phishing attacks it was experiencing.

“We have a client who get’s phished fairly heavily,” Meer explains. “They had tried technical controls and regular filters, but the people going after them are doing a thorough job — mimicking their domain and making the phishing mails look really good. What they needed, as part of their internal education campaign, was the ability to phish their own staff and identify the people who were most vulnerable.”

With Phish5, a company can run phishing campaigns targeting its own employees. In addition to identifying which staff are most likely to fall for phishing attacks — and then training them accordingly — companies can also track responses over time.

“Even if staff start wondering if the e-mails they’re receiving are tests, it makes them more cautious generally,” Meer says.

Phish5 records who received the phishing e-mails, who opened them, who clicked links in them and, if configured, who gave away their credentials.

By default, users can only phish e-mail addresses on their company’s own domain, but those looking to test third-party addresses need to contact Phish5 and provide personal information so that they can be vetted and be signed up as a security consultant.

For US$99, customers can run five phishing campaigns of up to 10 000 e-mail addresses per campaign. For $499, they can run as many campaigns they like for a month.

“We wanted to make it a relatively easy decision and process,” Meer says. “If it’s useful, people will come back and use it again.”

Meer says the phishing problem is unlikely to go away because the low cost of conducting attacks makes them attractive to criminals.

Last year another of Thinkst’s products, a monitoring tool for media companies called Signalnoi.se, won an award from the US-based Knight Foundation. “Our model is build cool stuff, put it out there, and look for more cool stuff to build,” Meer says. — (c) 2013 NewsCentral Media