Arsen Blog

No spam, ever. We'll never share your email address and you can opt out at any time.
Effective generative AI for phishing engagements

Effective generative AI for phishing engagements

If you’ve been reading our content, you’re probably itching to shoot some genAI phishing for your next simulation campaign. But one does not simply ask ChatGPT for a cool phishing email. Here are our best practices to deploy generative AI in your phishing operations.

Thomas Le Coz

Thomas Le Coz

Which type of phishing simulation to choose?

Which type of phishing simulation to choose?

Phishing comes in different shapes and forms. This means you have a lot of choices when it comes to creating a phishing simulation, and most companies get confused as to what type of simulation they should run. In this article, we'll...

Thomas Le Coz

Thomas Le Coz

How to launch a phishing simulation to better protect your company?

How to launch a phishing simulation to better protect your company?

In this post, we'll explore the key steps to launch a phishing simulation that will help you protect your company from phishing attacks.

Thomas Le Coz

Thomas Le Coz

Employee Phishing Training: Building Defense Skills

Employee Phishing Training: Building Defense Skills

Phishing training for employees is essential in building defense skills against cyberattacks. By educating employees on how to recognize and respond to phishing attempts, businesses can reduce the risk of data breaches and enhance overall security. Learn the key components...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Phishing Training: Essential for Employee Security

Phishing Training: Essential for Employee Security

Phishing training is essential for protecting your organization from cyberattacks. By educating employees on how to recognize and respond to phishing threats, you can reduce the risk of data breaches and enhance your overall security. Learn the key components of...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Phishing Awareness: Educating to Prevent Attacks

Phishing Awareness: Educating to Prevent Attacks

Phishing awareness is essential to safeguarding your business from cyberattacks. Learn how to recognize phishing attempts, understand common tactics used by attackers, and implement strategies to prevent these threats. Empower your team with the knowledge to protect sensitive information and...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Quishing: When Phishing Meets QR Codes

Quishing: When Phishing Meets QR Codes

Quishing is a new phishing tactic where attackers use malicious QR codes to deceive users into visiting fraudulent websites or downloading harmful software. Learn how quishing works, real-world examples of this scam, and key strategies to protect yourself and your...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

DMARC Explained: Securing Email Integrity

DMARC Explained: Securing Email Integrity

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that helps prevent spoofing and phishing attacks. It allows domain owners to define how unauthenticated emails are handled, protecting both email integrity and brand reputation.

Arsen Team

Arsen Team

DMARC Checker: Validate Your Email Protection

DMARC Checker: Validate Your Email Protection

Ensure your email domain is protected from spoofing with Arsen's free DMARC Checker. Validate your DMARC setup, verify SPF and DKIM alignment, and safeguard your emails against cyber threats. Strengthen your email security today with our simple and effective tool.

Arsen Team

Arsen Team

What is DKIM? Understanding Email Authentication

What is DKIM? Understanding Email Authentication

DKIM (DomainKeys Identified Mail) is an email authentication method that verifies the sender's identity and ensures message integrity. By adding a digital signature to emails, DKIM helps protect against spoofing and tampering. Learn how DKIM enhances email security and safeguards...

Arsen Team

Arsen Team

DKIM Checker: Verify Email Security

DKIM Checker: Verify Email Security

Ensure your emails are protected from spoofing and tampering with Arsen's free DKIM Checker. Easily verify your email's DKIM setup and secure your communications from potential cyber threats. Protect your domain today and enhance your email security in just a...

Arsen Team

Arsen Team

Common Phishing Indicators: Recognizing Red Flags

Common Phishing Indicators: Recognizing Red Flags

Identifying common indicators of a phishing attempt is crucial for staying secure online. Look out for suspicious sender addresses, generic greetings, urgent language, unusual links, and requests for sensitive information. Recognizing these red flags can help you avoid falling for...

Arsen Team

Arsen Team

Types of Phishing Attacks: A Comprehensive Guide

Types of Phishing Attacks: A Comprehensive Guide

Phishing attacks come in various forms, from deceptive emails to fraudulent text messages. Understanding the types of phishing—including email phishing, spear phishing, smishing, vishing, and clone phishing—can help you identify and protect against these threats. Learn specific strategies to secure...

Arsen Team

Arsen Team

Understanding Spear Phishing: Focused Cyber Attacks

Understanding Spear Phishing: Focused Cyber Attacks

Spear phishing is a targeted cyberattack that uses tailored information to trick individuals or companies into revealing sensitive data. Learn what spear phishing is and discover key prevention tips, such as verifying the sender, being cautious of urgent requests, and...

Arsen Team

Arsen Team

Spear Phishing Definition: Targeted Email Threats

Spear Phishing Definition: Targeted Email Threats

Spear phishing is a targeted form of phishing that uses personalized tactics to deceive specific individuals or organizations. Unlike regular phishing, spear phishing exploits trust by mimicking familiar contacts. Learn how to recognize these targeted threats and implement protective measures...

Arsen Team

Arsen Team

Spam vs Phishing: Definitions and Differences

Spam vs Phishing: Definitions and Differences

Spam and phishing are common types of unwanted emails, but they serve different purposes and pose different risks. While spam typically promotes products or services, phishing aims to steal sensitive information using deceptive tactics. Understanding spam vs phishing is key...

Arsen Team

Arsen Team

Smishing vs Phishing: Definitions and Differences

Smishing vs Phishing: Definitions and Differences

Smishing and phishing are cyber threats that use deception to steal personal information. While phishing typically targets victims through email, smishing uses text messages to trick individuals into revealing sensitive data. Learn how these tactics work and the specific defenses...

Arsen Team

Arsen Team

Navigating Phishing Scams: Avoidance Techniques

Navigating Phishing Scams: Avoidance Techniques

Phishing scams use deceptive tactics to steal your sensitive information. By understanding different types like spear phishing, smishing, and pharming, you can better navigate these threats. Learn key avoidance techniques, including verifying requests, inspecting URLs, and using security software to...

Arsen Team

Arsen Team

Examples of Phishing Emails and Prevention Tips

Examples of Phishing Emails and Prevention Tips

Phishing emails are crafted to deceive and steal sensitive information. Understanding various phishing email examples, such as fake security alerts, unexpected invoices, and prize notifications, is key to recognizing these threats. Learn how to identify and avoid these scams to...

Arsen Team

Arsen Team

Identifying Phishing Emails: What to Look For

Identifying Phishing Emails: What to Look For

Phishing emails use deceptive tactics to trick you into revealing sensitive information. Learning to identify phishing email techniques, such as manipulated sender addresses, urgency tactics, and mismatched URLs, is crucial for your security. Discover how to spot these red flags...

Arsen Team

Arsen Team

Phishing Detection: Tools and Techniques

Phishing Detection: Tools and Techniques

Phishing detection is essential to prevent cyberattacks that trick individuals into revealing sensitive information. Combining advanced tools like email filters, web filtering, and anti-phishing browser extensions with user education can significantly enhance your security. Learn the techniques to spot phishing...

Arsen Team

Arsen Team

How to Spot a Phishing Email: Key Indicators

How to Spot a Phishing Email: Key Indicators

Phishing emails are a favorite tool of cybercriminals, designed to steal sensitive information. Knowing how to spot a phishing email is key to staying protected. Look out for unusual email addresses, unexpected attachments, requests for personal information, poor grammar, and...

Arsen Team

Arsen Team

How Phishing Works: Mechanisms and Prevention

How Phishing Works: Mechanisms and Prevention

Phishing is a cyber threat that uses deception to steal sensitive information. Understanding how phishing works—from fake emails to targeted attacks—can help you recognize and avoid these scams. Learn about the techniques used by cybercriminals and the best practices for...

Arsen Team

Arsen Team

Facebook Phishing: Protecting Your Profile

Facebook Phishing: Protecting Your Profile

Facebook phishing is a common scam where attackers attempt to steal your login credentials and personal information. By recognizing tactics like fake login pages, malicious links, and impersonation, you can protect your profile. Learn how to spot these threats and...

Arsen Team

Arsen Team

Phishing Email Examples: Spotting the Signs

Phishing Email Examples: Spotting the Signs

Phishing emails often disguise themselves as legitimate communications to trick you into revealing sensitive information. Recognizing an example of phishing email is crucial for protecting your data. Learn how to spot signs like suspicious sender addresses, urgent language, and unusual...

Arsen Team

Arsen Team

TOP 5 Common Indicators of a Phishing Attempt

TOP 5 Common Indicators of a Phishing Attempt

Phishing attempts are designed to trick you into revealing sensitive information. Recognizing the common indicators of a phishing attempt is essential for online security. From suspicious sender addresses to urgent language and unexpected requests, understanding these red flags can help...

Arsen Team

Arsen Team

Clone Phishing: Recognize and Avoid

Clone Phishing: Recognize and Avoid

Clone phishing is a deceptive cyberattack where legitimate emails are replicated with malicious intent. Attackers use nearly identical copies of trusted communications but replace links or attachments with harmful ones. Learn how to recognize and avoid falling victim to this...

Arsen Team

Arsen Team

Check Phishing Link: How to Verify Safe URLs

Check Phishing Link: How to Verify Safe URLs

Phishing attacks often involve malicious links disguised as legitimate URLs. Knowing how to check phishing links is essential for your online security. Be cautious with suspicious URLs, hover over links to inspect their destinations, and avoid clicking anything that seems...

Arsen Team

Arsen Team

Vishing Definition: Voice Phishing Techniques

Vishing Definition: Voice Phishing Techniques

Vishing, or voice phishing, is a phone scam where attackers use various techniques, such as caller ID spoofing and urgency tactics, to trick victims into revealing sensitive information. Understanding these vishing techniques is crucial to recognizing and preventing these deceptive...

Arsen Team

Arsen Team

What is Vishing? | Protecting Against Phone Scams

What is Vishing? | Protecting Against Phone Scams

Vishing is a form of voice phishing where attackers use phone calls to trick individuals into revealing sensitive information. Unlike traditional email-based phishing, vishing exploits the trust people place in phone communications. Learn how vishing works and the strategies you...

Arsen Team

Arsen Team

What is Catfishing? | Identifying Online Deception

What is Catfishing? | Identifying Online Deception

Catfishing is a form of online deception where individuals create fake identities to manipulate others. Learning how to identify catfishing is essential to protect yourself from these scams. This article reveals key detection techniques, such as analyzing profiles, recognizing evasive...

Arsen Team

Arsen Team

Catfishing meaning: Definition & Examples

Catfishing meaning: Definition & Examples

Catfishing is a form of online deception where someone creates a fake identity to lure others into fraudulent relationships. This practice can involve emotional manipulation, financial scams, or social media impersonation. In this article, we explore the catfishing meaning, the...

Arsen Team

Arsen Team

Spoofing Definition: How It Threatens Security

Spoofing Definition: How It Threatens Security

Email spoofing is a deceptive cyberattack where hackers forge an email's sender address to appear as though it's from a trusted source. This tactic is often used in phishing schemes, business email compromises, and malware distribution, posing significant threats to...

Arsen Team

Arsen Team

How to Prevent Spoofing: Strategies & Best Practices

How to Prevent Spoofing: Strategies & Best Practices

Email spoofing is a dangerous cyber threat that can compromise your organization’s security and reputation. Attackers disguise their emails to appear as though they come from a trusted source, often leading to data breaches, financial loss, and identity theft. In...

Arsen Team

Arsen Team

Impact of AI on Cyberattacks in 2024

Impact of AI on Cyberattacks in 2024

Conference on the Impact of AI on Cyberattacks in 2024.

Thomas Le Coz

Thomas Le Coz

How Klaxoon uses Arsen to train its employees against phishing attacks

How Klaxoon uses Arsen to train its employees against phishing attacks

Aymeric from Klaxoon explains why they chose Arsen to train their employees and improve their reflexes against phishing attacks.

Thomas Le Coz

Thomas Le Coz

Phishing & AI: new attacks and new solutions

Phishing & AI: new attacks and new solutions

In this discussion with Benjamin Leroux from Advens, we explore the changes brought by generative AI to the attack landscape when it comes to phishing and social engineering.

Thomas Le Coz

Thomas Le Coz

Malicious Attachment generation with generative AI

Malicious Attachment generation with generative AI

Spreading malware or gaining initial access through email attachment is the third most common phishing tactic. Because of the scale of our phishing operations at Arsen, we wanted to explore the use of generative AI to craft malicious attachments. This...

Thomas Le Coz

Thomas Le Coz

Generative AI Phishing Scenarios

Generative AI Phishing Scenarios

GenAI phishing is now a thing. You might want to deploy it for your clients or your company but you might also want some scenario suggestions to get your creative juices flowing. This article is for you, we compiled and...

Thomas Le Coz

Thomas Le Coz

Using third party LLMs for genAI phishing operations

Using third party LLMs for genAI phishing operations

With the rise of genAI phishing, you might be tempted to use it for your phishing operations. Using a third party, well trained LLM has obvious advantages, from infrastructure cost — this GPU time isn’t cheap — to ease of interaction...

Thomas Le Coz

Thomas Le Coz

Defense in depth: the importance of the human factor

Defense in depth: the importance of the human factor

A paradox has struck me for several years now. Everyone I speak to is convinced of the predominance of human risk. The internet is full of statistics linking initial access to employee behavior in companies, yet this issue is addressed with...

Thomas Le Coz

Thomas Le Coz

3 advantages Arsen has over Gophish

3 advantages Arsen has over Gophish

At Arsen, we love Gophish. It’s by far the most comprehensive open-source solution for deploying phishing, whether for evaluation, training, or research purposes. That being said, GoPhish has numerous limitations that add significantly to the cost of use. Whether for your business or...

Thomas Le Coz

Thomas Le Coz

Alternatives to GoPhish for Comprehensive Phishing Simulations

Alternatives to GoPhish for Comprehensive Phishing Simulations

Phishing simulation tools have become the front line of defense in cybersecurity training. By mimicking real-life phishing attempts, these tools assess human vulnerability in digital landscapes. One such popular tool is GoPhish. However, as cybersecurity threats evolve, so too must...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Use of AI in Social Engineering Attacks

Use of AI in Social Engineering Attacks

From phishing to fake transfer scams, social engineering is rampant. User manipulation is responsible for a large number of cyberattacks, and the situation is not improving. Simultaneously, the rapid development of large language models, or LLMs, and the generative AI of late...

Thomas Le Coz

Thomas Le Coz

The Multi-Scenario Campaigns

The Multi-Scenario Campaigns

A new feature has arrived on Arsen: multi-scenario campaigns. It allows you to use multiple phishing scenarios within a single campaign. The benefit? Stay realistic by not targeting all your employees in the same way. In fact, a hacker would prefer to...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Our most versatile phishing scenarios

Our most versatile phishing scenarios

Utiliser des scénarios polyvalents dans un [test de phishing](https://arsen.co/test-phishing) permet de cibler efficacement un large effectif avec peu de personnalisation. Une fausse alerte de sécurité vis-à-vis d’un compte Google peut par exemple cibler des personnes de services différents tout en restant...

Thomas Le Coz

Thomas Le Coz

USB Drop: Discover the USB drive powered attack

USB Drop: Discover the USB drive powered attack

An attack via USB drive, also known as USB Drop, is a danger that is still underestimated. USB drives are very effective in helping us store and transport small amounts of data. We use them regularly, and many people cannot...

Thomas Le Coz

Thomas Le Coz

"OVH: Domain suspension", analysis of the phishing campaign

"OVH: Domain suspension", analysis of the phishing campaign

At Arsen, we help businesses protect themselves against phishing. Part of this work involves simulating attacks on employees. We are therefore particularly attentive to real attacks that can be observed online in order to constantly update our simulations to be representative...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

How to customize a scenario with Arsen?

How to customize a scenario with Arsen?

In this article, we will see how to customize a phishing test with Arsen. More specifically, what elements can be included in the email to have a realistic, personalized, and more or less difficult scenario? Before using Arsen, make sure you are...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

How to report a fraudulent email?

How to report a fraudulent email?

Learn how to report a fraudulent email is a crucial step in the fight against phishing. In an ideal world, everyone facing a phishing attempt would report it, as it contributes to the fight against phishing. Despite various protections and anti-phishing...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

How to effectively raise awareness against phishing?

How to effectively raise awareness against phishing?

Today, enough companies do not test, train, or sensitize their employees frequently enough to make the hacker profession attractive. By conducting a campaign once a year or every six months, you are not up to date on the ecosystem, threats, and...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Choosing the right schedule for your phishing simulations

Choosing the right schedule for your phishing simulations

When you want to test the resilience of your company to phishing attacks, you must choose certain parameters such as your targets, the type of campaign, or the scenario. A parameter rarely mentioned but which has a strong influence on the...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

The cybersecurity of nomadic remote work

The cybersecurity of nomadic remote work

After seeing how to secure your remote work at home, we will now talk about mobility situations: working remotely outside. Laptops are blossoming on café terraces and it is pleasant to answer a few emails between appointments while sipping a refreshing...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Companies: How to secure teleworking

Companies: How to secure teleworking

The use of teleworking has exploded and represents a major trend. This brings new challenges in terms of cybersecurity. Between the perceived improvement in quality of life for many employees and the assurance of a minimum continuity of activity in the...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

How to effectively raise awareness against phishing?

How to effectively raise awareness against phishing?

In this video, we explain [how to effectively raise awareness against phishing](https://arsen.co/blog/sensibiliser-efficacement-phishing). The objective of this awareness is to improve the behavior of employees in the face of attacks. An employee who is not properly sensitized is an integral part of...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

What is phishing?

What is phishing?

Whether it's clicking on a malicious link or sending confidential data to a fake third party, if the threat is always external, 90% of effective cyber attacks involve an error resulting from human exploitation. It is based on this fact...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

What are the results to observe during a phishing simulation?

What are the results to observe during a phishing simulation?

During a phishing simulation, you will retrieve behavioral data and be able to determine your level of resilience. But what are the results to observe following a false phishing campaign and how to exploit them?

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Why generate a random password?

Why generate a random password?

Often, when an individual needs to create a new password, they will rack their brains and choose personal information that relates to them, then modify it by changing elements or adding special characters. Unfortunately, this is a bad strategy: all of...

Thomas Le Coz

Thomas Le Coz

How to properly manage your passwords

How to properly manage your passwords

Managing identification, and more specifically passwords, is a key lever in cybersecurity. This is part of [good cybersecurity practices](/blog/personal-cybersecurity): if you have a good password policy in place, it is harder to attack and compromise your accounts, whether they are professional...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

What is Juice Jacking ?

What is Juice Jacking ?

Juice jacking is a type of cyber attack that exploits USB charging cables or chargers to compromise devices with USB ports, especially mobile phones. Charging cables don't just power your phone's battery. They also facilitate data transfer, like when importing photos...

Thomas Le Coz

Thomas Le Coz

General cybersecurity recommendations for businesses

General cybersecurity recommendations for businesses

Very often during discussions with our clients, we realize that some basics of cybersecurity are not necessarily mastered. It is both common and dangerous. Cybersecurity is everyone's business and it is important to communicate and educate each employee about the basic rules...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Classification of the difficulty level of phishing

Classification of the difficulty level of phishing

Not all phishing emails are equal. When I ask someone what they think of a "phishing email," the descriptions are very varied. Among these descriptions, the level of difficulty, that is to say, how difficult it is to detect the fraud, also...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

The click campaigns

The click campaigns

Click campaigns are now available on Arsen! When you schedule a phishing campaign, it is possible to do Credential Harvesting or a click campaign. If an employee clicks on the link during a credential harvesting training campaign, they will be redirected to...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Lessons learned from over 30,000 phishing simulations

Lessons learned from over 30,000 phishing simulations

After observing more than 30,000 phishing email simulations launched by the Arsen platform, we have drawn some lessons that we wanted to share.

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Successfully conducting a phishing simulation

Successfully conducting a phishing simulation

Why conduct a fake phishing exercise? Phishing is the entry point for 91% of attacks*. The objective of phishing simulations is to prevent the hacking of your company in order to avoid financial losses.

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

How to effectively train your collaborators following a phishing simulation?

How to effectively train your collaborators following a phishing simulation?

Orchestrating realistic phishing simulations is only a first step in improving your company's resilience. Therefore, we will examine how to properly train your employees following a phishing simulation. Post-campaign awareness is crucial in anti-phishing training. This is the stage where you...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Good practices of personal cybersecurity

Good practices of personal cybersecurity

We live in an increasingly connected world. Everyone has a phone with capabilities that surpass most computers available a few years ago, telecommuting is strengthening, most employees have a professional laptop, and our coffee machines are connected to the Internet. In...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Defeating Multi-factor Authentication through a Simple Phishing Email

Defeating Multi-factor Authentication through a Simple Phishing Email

In this article, I will show you in a video how, from a simple phishing email, we can bypass multi-factor authentication, also known as MFA or 2FA."

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Solutions against ransomware

Solutions against ransomware

Ransomwares are becoming increasingly present on our systems. Reveton, WannaCry, Cryptolocker, REvil: if you know these names, it's because they are all ransomwares that have caused significant damage. Ransomware is the monetization method for many hacking groups and represents a real...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

CryptoLocker

CryptoLocker

Following the popularization of Bitcoin, ransomwares have come back into fashion. CryptoLocker is the first notable ransomware to use cryptocurrency to facilitate ransom payments. In this article, we discuss the main features and history of this ransomware.

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

How often to conduct phishing simulations?

How often to conduct phishing simulations?

When a company adopts a new phishing simulation solution, the question often arises: "How often should I conduct phishing simulations?" The frequency of phishing simulations is a crucial parameter in the fight against phishing. However, some companies do not define it...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Phishing: How does Monisnap protect itself?

Phishing: How does Monisnap protect itself?

"I don't think we are at risk: we have a very technical and educated team on the subject, but I would like to be sure..." This is the first exchange we had with Jonathan Brossard, CTO of Monisnap. Monisnap is a...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Emotet: the malware that disrupted the private sector for 7 years.

Emotet: the malware that disrupted the private sector for 7 years.

Originally, Emotet was a banking Trojan malware. Its role was to discreetly infiltrate computers in order to steal sensitive information such as banking details. The malware carried out malicious tasks such as software deletion, copying onto other physically connected devices,...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

What is catfishing, and how to protect from it?

What is catfishing, and how to protect from it?

In March 2021, the top 10 dating sites in France recorded 46.4 million visits, according to a study conducted by [monpetitdate](https://www.monpetitdate.fr/etude-statistiques-sites-de-rencontre/). Dating apps have become genuine tools for finding one's future partner. However, these apps are not used solely for...

Thomas Le Coz

Thomas Le Coz

WannaCry, the biggest ransomware heist in history

WannaCry, the biggest ransomware heist in history

WannaCry is the ransomware behind one of the most significant ransomware attacks. In this article, we look back at the history of this particularly virulent ransomware.

Thomas Le Coz

Thomas Le Coz

Managing the risks tied to phishing

Managing the risks tied to phishing

The risks associated with phishing are often underestimated. Many still believe that the consequences are limited to having to change a few passwords, scan their network, or even have a comprehensive security policy. However, as we will see, phishing can have...

Thomas Le Coz

Thomas Le Coz

BEC Definition: Understanding Business Email Compromise

BEC Definition: Understanding Business Email Compromise

The compromise of email addresses, or Business Email Compromise (BEC), is a popular attack aimed at compromising a company's mailbox for malicious purposes. The simplest monetization is generally to request a fund transfer from the corrupted address or a change...

Thomas Le Coz

Thomas Le Coz

Instagram Phishing: Risks and Protection Measures

Instagram Phishing: Risks and Protection Measures

Instagram is a highly popular social network, making phishing on the platform equally prevalent. According to the "Digital Report 2021" by Hootsuite and We Are Social, Instagram ranks fifth among the most downloaded apps with 1.221 billion active users. Notably,...

Thomas Le Coz

Thomas Le Coz

The slow but steady evolution of phishing attacks

The slow but steady evolution of phishing attacks

Discover the evolution of phishing attacks over time, from the first phishing attack to the most advanced attacks occurring today.

Alexandre Esser

Alexandre Esser

Cybersecurity and work from home

Cybersecurity and work from home

In this article, we will focus on cybersecurity at home, or how to secure your telecommuting from home. The rules and best practices explained in this article apply to telecommuting of all kinds, but if you prefer the smell of coffee...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Why are you losing money with your awareness solution?

Why are you losing money with your awareness solution?

In this article, we will discuss the limitations of different awareness solutions. The goal is not to criticize these types of solutions, but to present the missing parts so that you can either fill them or choose a more comprehensive...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

What to do after a phishing simulation?

What to do after a phishing simulation?

It is not always easy to know the steps that follow a [phishing test](https://arsen.co/test-phishing). Many of our clients contact us initially for a phishing test and ask us what they should do once the results are collected. In this article, we...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

How does a phishing test take place?

How does a phishing test take place?

In this article, we will analyze the process of a phishing test, from its setup to reporting. We will discuss framing, technical deployment, execution, and post-mortem of the exercise.

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

What is social engineering?

What is social engineering?

Social engineering is a malicious practice aimed at manipulating an individual or a society. The goal is for them to take actions without realizing the consequences. Being persuasive and establishing trust in the exchange is crucial to reduce the victim's...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

What is Smishing?

What is Smishing?

Did you know that SMS has an average open rate of over 95%? The definition of smishing is a digital attack through SMS that can have serious consequences. SMS marketing has become a strategy that many companies use. Unfortunately, hackers...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Managing Campaigns as a Team.

Managing Campaigns as a Team.

Managing numerous phishing campaigns takes time. That's why many of our clients share the various tasks related to phishing test management or scenario design. Our awareness platform allows you to create operator or spectator access to work as a team on...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Securing telecommuting: the complete guide

Securing telecommuting: the complete guide

How to secure telecommuting? In recent months, we have published various articles on cybersecurity and telecommuting. Indeed, the context of the health crisis has led to an increase in telecommuting. Sometimes implemented in a hurry, this brings its share of risks...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

"Browser in the Browser": A New Variant of Phishing

"Browser in the Browser": A New Variant of Phishing

A new variant of phishing has been observed lately, called Browser in the Browser (BitB). It is simply an attack aiming to deceive usual human detection techniques by generating a fake window inside a real window. Indeed, most of the time,...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

How to assess your risk when faced with phishing?

How to assess your risk when faced with phishing?

Phishing is the entry point for 90% of cyberattacks today. This threat poses various risks to a company, including organizational, reputational, financial, and legal risks. It is therefore interesting to question how to assess the risk of a phishing attack for...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

The phishing of Instagram accounts

The phishing of Instagram accounts

Instagram is a very popular social network, so it is logical that phishing on Instagram is just as popular. According to a study, "Digital Report 2021" published by Hootsuite and We Are Social, Instagram is the 5th most downloaded application...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Why carry out phishing simulations with groups of employees?

Why carry out phishing simulations with groups of employees?

The aim of your phishing campaigns is to get as close as possible to real attacks threatening your company in order to improve your resilience against them. Some hackers are increasingly focusing on the quality of their emails rather than...

Lïa Desmousseaux de Givré

Lïa Desmousseaux de Givré

Examples of vishing attacks

Examples of vishing attacks

Vishing, or voice phishing, is a form of phone scam where attackers impersonate trusted entities to trick victims into revealing sensitive information. In this article, we'll look at common vishing examples. Understanding these tactics can help you identify and protect...

Thomas Le Coz

Thomas Le Coz

Protect Your Business Against Phishing

Discover how our phishing simulations can effectively reduce your human attack surface.

Request a Demo