A paradox has struck me for several years now. Everyone I speak to is convinced of the predominance of human risk. The internet is full of statistics linking initial access to employee behavior in companies, yet this issue is addressed with only a fraction of the resources allocated to other layers of security. “Awareness” is often relegated to a matter of compliance. We hurry to find a solution that allows us to tick the necessary boxes to meet...
At Arsen, we love Gophish. It’s by far the most comprehensive open-source solution for deploying phishing, whether for evaluation, training, or research purposes. That being said, GoPhish has numerous limitations that add significantly to the cost of use. Whether for your business or...
Phishing simulation tools have become the front line of defense in cybersecurity training. By mimicking real-life phishing attempts, these tools assess human vulnerability in digital landscapes. One such popular tool is GoPhish. However, as cybersecurity threats evolve, so too must...
A new feature has arrived on Arsen: multi-scenario campaigns. It allows you to use multiple phishing scenarios within a single campaign. The benefit? Stay realistic by not targeting all your employees in the same way. In fact, a hacker would prefer to...
An attack via USB drive, also known as USB Drop, is a danger that is still underestimated. USB drives are very effective in helping us store and transport small amounts of data. We use them regularly, and many people cannot...
At Arsen, we help businesses protect themselves against phishing. Part of this work involves simulating attacks on employees. We are therefore particularly attentive to real attacks that can be observed online in order to constantly update our simulations to be representative...
In this article, we will see how to customize a phishing test with Arsen. More specifically, what elements can be included in the email to have a realistic, personalized, and more or less difficult scenario? Before using Arsen, make sure you are...
Learning how to report a fraudulent email is a crucial step in the fight against phishing. In an ideal world, everyone facing a phishing attempt would report it, as it contributes to the fight against phishing. Despite various protections and anti-phishing...
Today, enough companies do not test, train, or sensitize their employees frequently enough to make the hacker profession attractive. By conducting a campaign once a year or every six months, you are not up to date on the ecosystem, threats, and...
When you want to test the resilience of your company to phishing attacks, you must choose certain parameters such as your targets, the type of campaign, or the scenario. A parameter rarely mentioned but which has a strong influence on the...
After seeing how to secure your remote work at home, we will now talk about mobility situations: working remotely outside. Laptops are blossoming on café terraces and it is pleasant to answer a few emails between appointments while sipping a refreshing...
The use of teleworking has exploded and represents a major trend. This brings new challenges in terms of cybersecurity. Between the perceived improvement in quality of life for many employees and the assurance of a minimum continuity of activity in the...
In this video, we explain [how to effectively raise awareness against phishing](https://arsen.co/blog/sensibiliser-efficacement-phishing). The objective of this awareness is to improve the behavior of employees in the face of attacks. An employee who is not properly sensitized is an integral part of...
Whether it's clicking on a malicious link or sending confidential data to a fake third party, although the threat is always external, 90% of effective cyber attacks involve an error resulting from human exploitation. It is based on this fact...
Training against phishing involves practice. Just like raising awareness, there are many ways to do it. At Arsen, we believe that there are two main types of simulation for your phishing exercises: a realistic simulation and a simulation more focused on...
During a phishing simulation, you will retrieve behavioral data and be able to determine your level of resilience. But what are the results to observe following a [false phishing campaign](/phishing-large-companies) and how to exploit them? KPI Definitions Click rate, compromise rate, reporting...
Often, when an individual needs to create a new password, they will rack their brains and choose personal information that relates to them, then modify it by changing elements or adding special characters. Unfortunately, this is a bad strategy: all of...
Managing identification, and more specifically passwords, is a key lever in cybersecurity. This is part of [good cybersecurity practices](/blog/personal-cybersecurity): if you have a good password policy in place, it is harder to attack and compromise your accounts, whether they are professional...
Juice jacking is a type of cyber attack that exploits USB charging cables or chargers to compromise devices with USB ports, especially mobile phones. Charging cables don't just power your phone's battery. They also facilitate data transfer, like when importing photos...
Very often during discussions with our clients, we realize that some basics of cybersecurity are not necessarily mastered. It is both common and dangerous. Cybersecurity is everyone's business and it is important to communicate and educate each employee about the basic rules...
Not all phishing emails are equal. When I ask someone what they think of a "phishing email," the descriptions are very varied. Among these descriptions, the level of difficulty, that is to say, how difficult it is to detect the fraud, also...
Click campaigns are now available on Arsen! When you schedule a phishing campaign, it is possible to do Credential Harvesting or a click campaign. If an employee clicks on the link during a credential harvesting training campaign, they will be redirected to...
After observing more than 30,000 phishing email simulations launched by the Arsen platform, we have drawn some lessons that we wanted to share.
Why conduct a fake phishing exercise? Phishing is the entry point for 91% of attacks*. The objective of phishing simulations is to prevent the hacking of your company in order to avoid financial losses.
Orchestrating realistic phishing simulations is only a first step in improving your company's resilience. Therefore, we will examine how to properly train your employees following a phishing simulation. Post-campaign awareness is crucial in anti-phishing training. This is the stage where you...
We live in an increasingly connected world. Everyone has a phone with capabilities that surpass most computers available a few years ago, telecommuting is strengthening, most employees have a professional laptop, and our coffee machines are connected to the Internet. In...
"You know, we are protected against phishing because we have implemented multi-factor authentication. We have heard this sentence too many times. As you know, at Arsen we are very committed to raising awareness among employees about cybersecurity. Where a trained and aware...
Ransomware is becoming increasingly present on our systems. Reveton, WannaCry, Cryptolocker, REvil: if you know these names, it's because they are all ransomware strains that have caused significant damage. Ransomware is the monetization method for many hacking groups and represents a real...
Following the popularization of Bitcoin, ransomware has come back into fashion. CryptoLocker is the first notable ransomware to use cryptocurrency to facilitate ransom payments. In this article, we discuss the main features and history of this ransomware.
When a company adopts a new phishing simulation solution, the question often arises: "How often should I conduct phishing simulations?" The frequency of phishing simulations is a crucial parameter in the fight against phishing. However, some companies do not define it...
"I don't think we are at risk: we have a very technical and educated team on the subject, but I would like to be sure..." This is the first exchange we had with Jonathan Brossard, CTO of Monisnap. Monisnap is a...
Originally, Emotet was a banking Trojan malware. Its role was to discreetly infiltrate computers in order to steal sensitive information such as banking details. The malware carried out malicious tasks such as software deletion, copying onto other physically connected devices,...
In March 2021, the 10 leading dating sites in France recorded 46.4 million visits, according to a study by [monpetitdate](https://www.monpetitdate.fr/etude-statistiques-sites-de-rencontre/). Dating apps have become real tools for finding one's future other half. However, these applications...
From the early days of phishing to the present, almost 30 years have passed, with a constant evolution of the techniques used by cybercriminals. These fraudsters have been active for much longer than the emergence of the first phishing emails: from...
WannaCry is the ransomware behind one of the most significant ransomware attacks. In this article, we look back at the history of this particularly virulent ransomware.
The risks associated with phishing are often underestimated. Many still believe that the consequences are limited to having to change a few passwords, scan their network, or even have a comprehensive security policy. However, as we will see, phishing can have...
The compromise of email addresses, or Business Email Compromise (BEC), is a popular attack aimed at compromising a company's mailbox for malicious purposes. The simplest monetization is generally to request a fund transfer from the corrupted address or a change...
Instagram is a highly popular social network, making phishing on the platform equally prevalent. According to the "Digital Report 2021" by Hootsuite and We Are Social, Instagram ranks fifth among the most downloaded apps with 1.221 billion active users. Notably,...
Mass attacks are becoming increasingly ineffective, giving way to _spear phishing_ attacks, or even "**whaling**" _(whale fishing)_. As the name suggests, a _whaling_ attack is nothing more or less than a spear phishing attack where the victim is a big...
In this article, we will focus on cybersecurity at home, or how to secure your telecommuting from home. The rules and best practices explained in this article apply to telecommuting of all kinds, but if you prefer the smell of coffee...
In this article, we will discuss the limitations of different awareness solutions. The goal is not to criticize these types of solutions, but to present the missing parts so that you can either fill them or choose a more comprehensive...
At Arsen, we offer two types of phishing simulations: the evaluation simulation which aims to not be detected.
It is not always easy to know the steps that follow a [phishing test](https://arsen.co/test-phishing). Many of our clients contact us initially for a phishing test and ask us what they should do once the results are collected. In this article, we...
In this article, we will analyze the process of a phishing test, from its setup to reporting. We will discuss framing, technical deployment, execution, and post-mortem of the exercise.
Social engineering is a malicious practice aimed at manipulating an individual or a society. The goal is for them to take actions without realizing the consequences. Being persuasive and establishing trust in the exchange is crucial to reduce the victim's...
Did you know that SMS has an average open rate of over 95%? The definition of smishing is a digital attack through SMS that can have serious consequences. SMS marketing has become a strategy that many companies use. Unfortunately, hackers...
Managing numerous phishing campaigns takes time. That's why many of our clients share the various tasks related to phishing test management or scenario design. Our awareness platform allows you to create operator or spectator access to work as a team on...
How to secure telecommuting? In recent months, we have published various articles on cybersecurity and telecommuting. Indeed, the context of the health crisis has led to an increase in telecommuting. Sometimes implemented in a hurry, this brings its share of risks...
A new variant of phishing has been observed lately, called Browser in the Browser (BitB). It is simply an attack aiming to deceive usual human detection techniques by generating a fake window inside a real window. Indeed, most of the time,...
Phishing is the entry point for 90% of cyberattacks today. This threat poses various risks to a company, including organizational, reputational, financial, and legal risks. It is therefore interesting to question how to assess the risk of a phishing attack for...
Instagram is a very popular social network, so it is logical that phishing on Instagram is just as popular. According to a study, "Digital Report 2021" published by Hootsuite and We Are Social, Instagram is the 5th most downloaded application...
The aim of your phishing campaigns is to get as close as possible to real attacks threatening your company in order to improve your resilience against them. Some hackers are increasingly focusing on the quality of their emails rather than...
Vishing: definition Vishing (voice + phishing) or phone phishing is a malicious practice that aims to make its victim reveal sensitive information or perform compromising actions. We are used to receiving phone calls from companies for advertising purposes. Among these calls, some...