What is phishing?

In simple terms, phishing is a type of attack where electronic communication is used as bait to lure unsuspecting recipients to carry out an action resulting in the compromise of their information or data. This is performed typically by someone who is generally out to make illicit gains, or cause harm to an individual or company.

Why should we care about phishing?  

38% of all data breaches are caused by human error (ACCC Scamwatch). Although employees are often an organisation’s greatest asset, they can also be the weakest link in the cyber security chain. One click on a phishing link can have devastating effects on an organisation.

What type of damage can a phishing attack do?     

A phishing attack can lead to ransomware, reputation loss, bank account changes, sideways leverage, credential capture, etc. According to the IBM Cost of a Data Breach Report 2020, the average time to identify and contain a data breach in 2020 was 280 days. That’s 280 days for hackers to wreak havoc on your systems.

How is Phriendly Phishing different to the competition?

To make things a little livelier, I added a nice little touch up to the paragraph by creating a slide in animation from below. So, instead of being still upon expand, it will slide in from below nicely.

How is Phriendly Phishing different to the competition?
  • Full System Automation​: Phriendly Phishing is a fully-automated phishing ecosystem that syncs to your Active Directory or other data source. Don’t waste precious time on manual tasks!

  • Built for the A/NZ Market: Developed by Australian certified professionals to help Aussies navigate the phishing landscape. Enjoy onshore data sovereignty and customer support. ​

  • Custom Learning Paths​: Take your employees on their own unique journey with a fully-automated risk assessment, training and on-going practice campaigns.​

  • Train, Not Trick​: Most employees are non-technical. Phriendly Phishing trains, nurtures and helps employees create long lasting behavioural change with our train, not trick methodology.​

The Platform

What does ‘zero touch automation’ mean?  

Once our Customer Success Team sets up your account, Phriendly Phishing can run in the background without user intervention. We authenticate with your Active Directory to ensure all staff are added into training campaigns from the minute they join the organisation.

What is a baseline? Why is it kept secret from staff?  

A non-invasive baseline is a is a simulated phishing email sent to all staff prior to training. The baseline provides a measurement to understand where your organisation’s phishing risk currently sits. The baseline is anonymous and it is important to keep it that way to truly create an unbiased measurement.  

What is a unique learning journey and how is it automated?  

The unique learning journey is personalised based on your organisation’s timeline and can be automated across user synchronisation, course deployment, increasing sophistication for phishing email templates, and more.

Can Phriendly Phishing be automated for G Suite as well?  

No, we currently do not support G Suite. Phriendly Phishing supports AD, Okta and Azure. 

The Training

My staff are all technical how will your program help me?

Phriendly Phishing will ensure everyone in your organisation has completed the same high-quality training proven at reducing click through rates on scam emails. The dashboard allows you to monitor staff on an individual basis to identify those that still require additional training.

My staff are already overwhelmed with training do they really need more?

Our training is divided into modules and we encourage you to spread deployment out throughout the subscription ensuring staff are not overwhelmed with additional training. Most modules are around 2-10 minutes long.

Why is it important that your content is built by Australians when I can get thousands of courses from overseas providers?

Phriendly Phishing training is continually updated and features Australian voices, language and spelling which increases employee engagement. Being Australian made, you can be certain training is of the highest quality and will resonate the best with your employees. Remember, more is not always better. Our course catalogue was discerningly developed with a proven methodology and to Australian standards to ensure the best employee behavioural change results.

How do you train my staff, is it face to face or online courses?

Phriendly Phishing training is completed online. Workers expect training to be filled with engaging content and Phriendly Phishing delivers. From fun mini quizzes and mnemonic memory prompts to short, snappy micro-lessons and challenges, we will keep your people keen for more. 87% of learners are satisfied with Phriendly Phishing’s training.

What does ‘Train, not Trick’ mean?

Phriendly Phishing builds employees' knowledge through wins and success and creates steppingstones to improvement. The program does not attempt to trick or belittle employees. In a monthly phishing campaign, if an individual clicks into an email they are redirected to a micro lesson to remind them what to look out for in emails and how to report a phishing template next time. Phriendly Phishing’s program is at its core, respectful of your employees.

What is S.C.A.M.?

Today’s workers expect training to be filled with engaging content and Phriendly Phishing delivers. Our ‘Scan for S.C.A.M.’ mnemonic memory prompt provides a framework for employees to evaluate the online communication they interact with quickly and easily. S.C.A.M. means Sender, Content, Action & Manage.

How much training do my staff need to complete up front?

Our S.C.A.M. modules are short and suggested to deploy throughout the year to keep your staff engaged in phishing concepts. We recommend scheduling S.C.A.M. 101 to your organisation before beginning the monthly, automated phishing campaigns.

What is Keep Secure and why do I need this too?

The Keep Secure (KSec) security awareness training takes users on an enjoyable journey of understanding through interesting and relevant security topics. Traditional training methods often tell people what not to do, but do not provide any context as to why. The KSec series changes that by taking users on a tour across different psychological and historical events designed to allow them to gain a deep understanding of current security threats, and how they came to be that way.

How often is the training updated?

Whilst we aim to refresh the scam examples and enhance the training design on an annual basis, our scam courses are designed to be foundational learning which will always remain relevant; therefore, our approach is to create shorter, bite-sized modules in response to the current scams that supplement the original, foundational courses.

Instead of one course that gets recycled and updated every year, you can expect to see a series of relevant courses and modules being added to our course library in response to the evolving scam tactics.

How do staff know if they clicked on a simulated phishing email?

Staff who click on a phishing link in the live environment (MS Outlook) will receive instant feedback in the form of a Microlesson describing what makes that specific email a phishing email.

Why is this approach of using microlessons beneficial?
  • We believe this form of active reinforcement will better assist in addressing knowledge gaps instantaneously.

  • We are conscious of the multi-generational and diverse learning styles that can assist within any organisation – so if the learner did not grasp the key message in the previous eLearning format, the more practical method delivering the same message, using a shorter, sharper approach could be absorbed more effectively.

  • Using a blend of theoretical and practical solutions adds learning diversification to the learning experience, with the goal of changing behaviour and keeping S.C.A.M. tips front of mind!

Subscription, Set-Up and Maintenance

How long is a subscription?

Phriendly Phishing’s standard subscriptions are for 2 years.

How much does it cost?

All companies will charge you an upfront cost for access to their system, however it is important to keep in mind the hours per week required for upkeep and maintenance. Through our automated approach, we have minimized any ongoing administration of Phriendly Phishing while still giving some of the highest quality results in market. Your per-employee subscription fee to Phriendly Phishing is the only cost you’ll ever incur.

Do you offer customer support?

All customers have anytime access to our online support ticketing and knowledge base. Our Customer Success and Support team is Australian based, with standard business hours during AEST to support Phriendly Phishing account admins.

Who will set Phriendly Phishing up for me?

Our Customer Success and Support Team will reach out to set up your Phriendly Phishing account and hold a 30-minute demonstration to show you how to manage your account and setup the baseline, training, and campaigns. Visit our online ticketing and knowledge base system to communicate with our technical support team and access how-to pages.

Where is your data stored & how is it protected?

Data is stored and protected through AWS in Sydney, Australia.

Who are your current clients, and can I speak with them?

Phriendly Phishing is the trusted provider of hundreds of organisations in Australia across sectors including state and local Government, higher education, retail, technology, health and more. We have helped clients of all sizes from 50 employees to 60,000 employees. Phriendly Phishing is able to provide you with customer references if required to assist in your buying process.

You’re part of CyberCX, what does that mean?

CyberCX is your boardroom to basement solution. ​In the past, your IT team have managed many different vendors, covering each technology need for your organisation, increasing wasted time on admin.​ CyberCX puts the customer experience first. We’ve brought together the greatest force of cyber security experts to provide your business a holistic cyber security experience.