
Social Engineering Examples: Real-World Tactics
How can you protect your organization from social engineering attacks and their adverse impacts? This article explores different attack strategies, real-world examples, and prevention methods.

Domain Doppelgängers: Protecting Against Domain Spoofing
Cybersecurity threats continue to evolve, and one of the rising concerns for businesses is the domain doppelganger. These deceptive domains are crafted to mimic legitimate websites, luring...

AIDS Trojan Analysis: Early Malware Case Study
The AIDS Trojan, also known as the AIDS Information Diskette Trojan, is widely recognized as one of the earliest examples of ransomware* Its appearance in 1989 shocked the nascent world of...

Remote Access Trojans: Risks and Remediation
Remote Access Trojans (RATs) are a dangerous form of malware that allows cybercriminals to gain unauthorized access and control over an infected computer or network. Understanding the risks posed by...

Ransomware Simulator: Testing Your Defenses
In today's cybersecurity landscape, ransomware remains a top threat to organizations of all sizes. A ransomware attack can lock down your systems, encrypt your data, and demand a hefty ransom for its...

Locky Ransomware Explained: Protection Strategies
Locky ransomware is a notorious form of malware that emerged in 2016, targeting businesses and individuals alike. This sophisticated ransomware spreads primarily through malicious email attachments...

Bad Rabbit Ransomware: Understanding the Threat
In the world of cybersecurity, Bad Rabbit ransomware has made headlines as one of the more sophisticated and dangerous ransomware attacks. This malware first surfaced in 2017, targeting companies...

WannaCry Ransomware Attack: A Case Study
The WannaCry ransomware attack, which occurred in May 2017, stands as one of the most significant and destructive cyberattacks in recent history. It serves as a critical lesson for organizations...

Ransomware Definition: What is it & How to Secure your Data?
Ransomware is one of the most prominent cyber threats today, targeting both individuals and organizations alike. In this article, we will dive into the ransomware definition, how it works, and the...

Ransomware Attacks: Effective Defense Strategies
Ransomware attacks have rapidly become one of the most disruptive forms of cybercrime, targeting businesses of all sizes. By encrypting valuable data and demanding a ransom for its release, these...

Regulatory Compliance: Adhering to Laws and Regulations
In today's digital age, regulatory compliance is a critical aspect of running a successful business. Ensuring that your company adheres to applicable laws and regulations helps avoid legal penalties,...

Compliance Risk: Identification and Mitigation
In today's highly regulated business landscape, compliance risk is a critical concern for organizations across industries. Failing to comply with laws and regulations can result in severe penalties,...

Compliance Monitoring: Ensuring Policy Adherence
Effective compliance monitoring is critical for ensuring that organizations consistently adhere to internal policies and regulatory requirements. As companies face increasing scrutiny from regulatory...

Compliance Management: Effective Strategies
Effective compliance management is essential for organizations to meet legal obligations, protect their reputation, and maintain operational integrity. As regulations evolve, businesses must adopt...

CCPA (California Consumer Privacy Act) Compliance: Complete 2024 Guide
The California Consumer Privacy Act (CCPA) is a pivotal data privacy law that grants consumers more control over their personal information. For businesses operating in or interacting with California...

IT Compliance: Navigating Regulations in Tech
In today’s rapidly evolving tech landscape, **IT compliance** plays a critical role in ensuring organizations meet legal and regulatory requirements. Failure to comply can lead to severe penalties,...

What is a VPN and How Does It Work?
In today's increasingly digital world, safeguarding online privacy has become more crucial than ever. One of the most effective ways to protect your personal information while browsing the web is by...

What Does VPN Stand For? Understanding Its Use
In today’s interconnected world, ensuring your online privacy and security is more crucial than ever. One of the most effective tools for safeguarding your digital presence is a **VPN**. But what...

VPN Definition: Virtual Private Networks Best Practices
A VPN (Virtual Private Network) is a tool that enhances your online security by encrypting your internet connection and masking your IP address. This makes it an essential part of modern digital...

Examples of Data Breaches and Lessons Learned
Data breaches have become a persistent threat to organizations of all sizes. By analyzing data breaches examples, we can uncover key lessons for safeguarding sensitive information. Below are some...

Data Breach Response and Prevention Strategies
In today’s digital landscape, data breaches are a constant threat. Companies of all sizes are vulnerable to these attacks, making it crucial to adopt effective prevention and response strategies....

How Do People Get Doxxed? | Risks and Prevention Tips
Doxxing, short for “document tracing,” refers to the act of publicly disclosing someone’s personal information, like their real name, home address, phone number, or even financial data, without...

Pretexting Definition: The Art of Deceptive Information Gathering
Pretexting is a social engineering tactic that involves creating a fabricated scenario to deceive an individual into disclosing sensitive information. Unlike other forms of cyberattacks, pretexting...

What is Pretexting? | Understanding Social Engineering
Pretexting is a sophisticated social engineering technique used by cybercriminals to manipulate individuals into divulging sensitive information. But what is pretexting exactly, and how does it work?...

SSTP: Secure Socket Tunneling Protocol Explained
The Secure Socket Tunneling Protocol (SSTP) is an important player in ensuring secure and private communication over the internet. Often used in Virtual Private Networks (VPNs), SSTP provides a...

Enhancing DNS Security: Best Practices
In today's digital landscape, DNS security is a crucial aspect of safeguarding any organization’s network. The Domain Name System (DNS) acts like the internet’s phonebook, translating domain names...

SMTP Relay: Facilitating Efficient Email Delivery
In the world of email communications, SMTP relay plays a critical role in ensuring that emails are delivered efficiently across networks. Whether you're a business sending newsletters or...

Sendmail: Configuring Email Servers for Security
Sendmail is a widely-used mail transfer agent (MTA) that handles the delivery of email across networks. It’s been a cornerstone of email server infrastructure for decades, primarily on Unix-based...

Typosquatting: How Misspellings Can Lead to Fraud
Typosquatting, also known as URL hijacking, is a form of cyberattack that exploits common typing mistakes made by users when entering website addresses. A single misspelling can redirect users to...

Social Engineering Definition: Cybersecurity Best Practices
Social engineering is a technique used by cybercriminals to manipulate individuals into revealing confidential information or performing actions that compromise security. Rather than hacking systems...

PII Meaning: Definition of Personal Identifiable Information
In today's digital world, the term "PII" (Personally Identifiable Information) has become central to discussions around cybersecurity and privacy. But what exactly is PII, and why is it so important...

Watering Hole Attacks: Identification and Prevention
Watering hole attacks are an increasingly sophisticated cyber threat, targeting specific groups or organizations by compromising websites they frequently visit. In this article, we will break down...

DNS Meaning: What Does DNS Stand For?
When exploring the complex world of the internet, the term "DNS" frequently pops up. But what does DNS stand for, and why is it important? This article will break down the DNS meaning and explain its...

What is Doxxing? | Understanding Online Exposure
In today’s digital age, personal information is more accessible than ever, and this has given rise to a dangerous practice known as doxxing. But what is doxing? Simply put, doxxing (also spelled...

PII (Personal Identifiable Information): How to Protect Your Privacy?
In today’s digital age, Personal Identifiable Information (PII) is more vulnerable than ever. With cybercriminals targeting sensitive data to commit identity theft or fraud, safeguarding your PII is...

Employee Phishing Training: Building Defense Skills
Phishing training for employees is essential in building defense skills against cyberattacks. By educating employees on how to recognize and respond to phishing attempts, businesses can reduce the...

Phishing Training: Essential for Employee Security
Phishing training is essential for protecting your organization from cyberattacks. By educating employees on how to recognize and respond to phishing threats, you can reduce the risk of data breaches...

Phishing Awareness: Educating to Prevent Attacks
Phishing awareness is essential to safeguarding your business from cyberattacks. Learn how to recognize phishing attempts, understand common tactics used by attackers, and implement strategies to...

Quishing: When Phishing Meets QR Codes
Quishing is a new phishing tactic where attackers use malicious QR codes to deceive users into visiting fraudulent websites or downloading harmful software. Learn how quishing works, real-world...

Alternatives to GoPhish for Comprehensive Phishing Simulations
Phishing simulation tools have become the front line of defense in cybersecurity training. By mimicking real-life phishing attempts, these tools assess human vulnerability in digital landscapes. One...

The Multi-Scenario Campaigns
A new feature has arrived on Arsen: multi-scenario campaigns. It allows you to use multiple phishing scenarios within a single campaign. The benefit? Stay realistic by not targeting all your...

"OVH: Domain suspension", analysis of the phishing campaign
At Arsen, we help businesses protect themselves against phishing. Part of this work involves simulating attacks on employees. We are therefore particularly attentive to real attacks that can be...
How to customize a scenario with Arsen?
In this article, we will see how to customize a phishing test with Arsen. More specifically, what elements can be included in the email to have a realistic, personalized, and more or less difficult...

How to report a fraudulent email?
Learn how to report a fraudulent email is a crucial step in the fight against phishing. In an ideal world, everyone facing a phishing attempt would report it, as it contributes to the fight against...

How to effectively raise awareness against phishing?
Today, enough companies do not test, train, or sensitize their employees frequently enough to make the hacker profession attractive. By conducting a campaign once a year or every six months, you are...
Choosing the right schedule for your phishing simulations
When you want to test the resilience of your company to phishing attacks, you must choose certain parameters such as your targets, the type of campaign, or the scenario. A parameter rarely mentioned...
The cybersecurity of nomadic remote work
After seeing how to secure your remote work at home, we will now talk about mobility situations: working remotely outside. Laptops are blossoming on café terraces and it is pleasant to answer a few...

Companies: How to secure teleworking
The use of teleworking has exploded and represents a major trend. This brings new challenges in terms of cybersecurity. Between the perceived improvement in quality of life for many employees and...

How to effectively raise awareness against phishing?
In this video, we explain [how to effectively raise awareness against phishing](https://arsen.co/blog/sensibiliser-efficacement-phishing). The objective of this awareness is to improve the behavior...

What is phishing? Cyberattack's most popular initial access vector
Whether it's clicking on a malicious link or sending confidential data to a fake third party, if the threat is always external, 90% of effective cyber attacks involve an error resulting from human...

What are the results to observe during a phishing simulation?
During a phishing simulation, you will retrieve behavioral data and be able to determine your level of resilience. But what are the results to observe following a false phishing campaign and how to...

How to properly manage your passwords
Managing identification, and more specifically passwords, is a key lever in cybersecurity. This is part of [good cybersecurity practices](/blog/personal-cybersecurity): if you have a good password...
General cybersecurity recommendations for businesses
Very often during discussions with our clients, we realize that some basics of cybersecurity are not necessarily mastered. It is both common and dangerous. Cybersecurity is everyone's business and...

Classification of the difficulty level of phishing
Not all phishing emails are equal. When I ask someone what they think of a "phishing email," the descriptions are very varied. Among these descriptions, the level of difficulty, that is to say, how...
Click campaigns: lightweight phishing simulations to train people
Click campaigns are now available on Arsen! When you schedule a phishing campaign, it is possible to do Credential Harvesting or a click campaign. If an employee clicks on the link during a...
Lessons learned from over 30,000 phishing simulations
After observing more than 30,000 phishing email simulations launched by the Arsen platform, we have drawn some lessons that we wanted to share.
Successfully conducting a phishing simulation
Why conduct a fake phishing exercise? Phishing is the entry point for 91% of attacks*. The objective of phishing simulations is to prevent the hacking of your company in order to avoid financial...

How to train your collaborators following a phishing simulation?
Orchestrating realistic phishing simulations is only a first step in improving your company's resilience. Therefore, we will examine how to properly train your employees following a phishing...
Good practices of personal cybersecurity
We live in an increasingly connected world. Everyone has a phone with capabilities that surpass most computers available a few years ago, telecommuting is strengthening, most employees have a...

Defeating Multi-factor Authentication through a Simple Phishing Email
In this article, I will show you in a video how, from a simple phishing email, we can bypass multi-factor authentication, also known as MFA or 2FA."

Solutions against ransomware: how to protect, prevent and fight them
Ransomwares are becoming increasingly present on our systems. Reveton, WannaCry, Cryptolocker, REvil: if you know these names, it's because they are all ransomwares that have caused significant...

What is Cryptolocker? Presentation, infection and defence strategies
Cryptolocker is a notorious type of ransomware that has become a major threat in the world of cybersecurity. This malicious software is designed to encrypt a victim's files and demand payment,...

How often to conduct phishing simulations?
When a company adopts a new phishing simulation solution, the question often arises: "How often should I conduct phishing simulations?" The frequency of phishing simulations is a crucial parameter...
Phishing: How does Monisnap protect itself?
"I don't think we are at risk: we have a very technical and educated team on the subject, but I would like to be sure..." This is the first exchange we had with Jonathan Brossard, CTO of...

Emotet: the malware that disrupted the private sector for 7 years.
Originally, Emotet was a banking Trojan malware. Its role was to discreetly infiltrate computers in order to steal sensitive information such as banking details. The malware carried out malicious...
Cybersecurity and work from home
In this article, we will focus on cybersecurity at home, or how to secure your telecommuting from home. The rules and best practices explained in this article apply to telecommuting of all kinds,...

Why are you losing money with your awareness solution?
In this article, we will discuss the limitations of different awareness solutions. The goal is not to criticize these types of solutions, but to present the missing parts so that you can either fill...
What to do after a phishing simulation?
It is not always easy to know the steps that follow a [phishing test](https://arsen.co/test-phishing). Many of our clients contact us initially for a phishing test and ask us what they should do once...
How does a phishing test take place?
In this article, we will analyze the process of a phishing test, from its setup to reporting. We will discuss framing, technical deployment, execution, and post-mortem of the exercise.

What is social engineering?
Social engineering is a malicious practice aimed at manipulating an individual or a society. The goal is for them to take actions without realizing the consequences. Being persuasive and establishing...

What is Smishing? Definition, mechanisms, identifcation and examples
Did you know that SMS has an average open rate of over 95%? The definition of smishing is a digital attack through SMS that can have serious consequences. SMS marketing has become a strategy that...

Managing Campaigns as a Team.
Managing numerous phishing campaigns takes time. That's why many of our clients share the various tasks related to phishing test management or scenario design. Our awareness platform allows you to...

Securing telecommuting: the complete guide
How to secure telecommuting? In recent months, we have published various articles on cybersecurity and telecommuting. Indeed, the context of the health crisis has led to an increase in...

"Browser in the Browser": A New Variant of Phishing
A new variant of phishing has been observed lately, called Browser in the Browser (BitB). It is simply an attack aiming to deceive usual human detection techniques by generating a fake window inside...

How to assess your risk when faced with phishing?
Phishing is the entry point for 90% of cyberattacks today. This threat poses various risks to a company, including organizational, reputational, financial, and legal risks. It is therefore...

The phishing of Instagram accounts
Instagram is a very popular social network, so it is logical that phishing on Instagram is just as popular. According to a study, "Digital Report 2021" published by Hootsuite and We Are Social,...

Why carry out phishing simulations with groups of employees?
The aim of your phishing campaigns is to get as close as possible to real attacks threatening your company in order to improve your resilience against them. Some hackers are increasingly focusing on...