Phishing

In this article, we’ll explore how to run a vishing simulation campaign so you can equip your staff to resist this growing threat.

Lïa Desmousseaux de Givré

Oct 23, 2024

Call bots, a kind of vishing automation can be used to trick victims and defeat MFA. Here's how.

Thomas Le Coz

Oct 22, 2024

Cybersecurity threats continue to evolve, and one of the rising concerns for businesses is the domain doppelganger. These deceptive domains are crafted to mimic legitimate websites, luring unsuspecting users into phishing attacks and compromising sensitive data. In this article, we’ll...

Lïa Desmousseaux de Givré

Oct 19, 2024

Typosquatting, also known as URL hijacking, is a form of cyberattack that exploits common typing mistakes made by users when entering website addresses. A single misspelling can redirect users to fraudulent websites, exposing them to risks like phishing, malware, and...

Lïa Desmousseaux de Givré

Oct 17, 2024

Phishing comes in different shapes and forms. This means you have a lot of choices when it comes to creating a phishing simulation, and most companies get confused as to what type of simulation they should run. In this article, we'll...

Thomas Le Coz

Oct 3, 2024

In this post, we'll explore the key steps to launch a phishing simulation that will help you protect your company from phishing attacks.

Thomas Le Coz

Oct 3, 2024

Quishing is a new phishing tactic where attackers use malicious QR codes to deceive users into visiting fraudulent websites or downloading harmful software. Learn how quishing works, real-world examples of this scam, and key strategies to protect yourself and your...

Lïa Desmousseaux de Givré

Sep 24, 2024

Identifying common indicators of a phishing attempt is crucial for staying secure online. Look out for suspicious sender addresses, generic greetings, urgent language, unusual links, and requests for sensitive information. Recognizing these red flags can help you avoid falling for...

Arsen Team

Sep 15, 2024

Phishing attacks come in various forms, from deceptive emails to fraudulent text messages. Understanding the types of phishing—including email phishing, spear phishing, smishing, vishing, and clone phishing—can help you identify and protect against these threats. Learn specific strategies to secure...

Arsen Team

Sep 15, 2024

Spear phishing is a targeted cyberattack that uses tailored information to trick individuals or companies into revealing sensitive data. Learn what spear phishing is and discover key prevention tips, such as verifying the sender, being cautious of urgent requests, and...

Arsen Team

Sep 15, 2024

Spear phishing is a targeted form of phishing that uses personalized tactics to deceive specific individuals or organizations. Unlike regular phishing, spear phishing exploits trust by mimicking familiar contacts. Learn how to recognize these targeted threats and implement protective measures...

Arsen Team

Sep 15, 2024

Spam and phishing are common types of unwanted emails, but they serve different purposes and pose different risks. While spam typically promotes products or services, phishing aims to steal sensitive information using deceptive tactics. Understanding spam vs phishing is key...

Arsen Team

Sep 15, 2024

Smishing and phishing are cyber threats that use deception to steal personal information. While phishing typically targets victims through email, smishing uses text messages to trick individuals into revealing sensitive data. Learn how these tactics work and the specific defenses...

Arsen Team

Sep 15, 2024

Phishing scams use deceptive tactics to steal your sensitive information. By understanding different types like spear phishing, smishing, and pharming, you can better navigate these threats. Learn key avoidance techniques, including verifying requests, inspecting URLs, and using security software to...

Arsen Team

Sep 15, 2024

Phishing emails are crafted to deceive and steal sensitive information. Understanding various phishing email examples, such as fake security alerts, unexpected invoices, and prize notifications, is key to recognizing these threats. Learn how to identify and avoid these scams to...

Arsen Team

Sep 15, 2024

Phishing emails use deceptive tactics to trick you into revealing sensitive information. Learning to identify phishing email techniques, such as manipulated sender addresses, urgency tactics, and mismatched URLs, is crucial for your security. Discover how to spot these red flags...

Arsen Team

Sep 15, 2024

Phishing detection is essential to prevent cyberattacks that trick individuals into revealing sensitive information. Combining advanced tools like email filters, web filtering, and anti-phishing browser extensions with user education can significantly enhance your security. Learn the techniques to spot phishing...

Arsen Team

Sep 15, 2024

Phishing emails are a favorite tool of cybercriminals, designed to steal sensitive information. Knowing how to spot a phishing email is key to staying protected. Look out for unusual email addresses, unexpected attachments, requests for personal information, poor grammar, and...

Arsen Team

Sep 15, 2024

Phishing is a cyber threat that uses deception to steal sensitive information. Understanding how phishing works—from fake emails to targeted attacks—can help you recognize and avoid these scams. Learn about the techniques used by cybercriminals and the best practices for...

Arsen Team

Sep 15, 2024

Facebook phishing is a common scam where attackers attempt to steal your login credentials and personal information. By recognizing tactics like fake login pages, malicious links, and impersonation, you can protect your profile. Learn how to spot these threats and...

Arsen Team

Sep 15, 2024

Phishing emails often disguise themselves as legitimate communications to trick you into revealing sensitive information. Recognizing an example of phishing email is crucial for protecting your data. Learn how to spot signs like suspicious sender addresses, urgent language, and unusual...

Arsen Team

Sep 15, 2024

Phishing attempts are designed to trick you into revealing sensitive information. Recognizing the common indicators of a phishing attempt is essential for online security. From suspicious sender addresses to urgent language and unexpected requests, understanding these red flags can help...

Arsen Team

Sep 15, 2024

Clone phishing is a deceptive cyberattack where legitimate emails are replicated with malicious intent. Attackers use nearly identical copies of trusted communications but replace links or attachments with harmful ones. Learn how to recognize and avoid falling victim to this...

Arsen Team

Sep 15, 2024

Phishing attacks often involve malicious links disguised as legitimate URLs. Knowing how to check phishing links is essential for your online security. Be cautious with suspicious URLs, hover over links to inspect their destinations, and avoid clicking anything that seems...

Arsen Team

Sep 15, 2024

Vishing, or voice phishing, is a phone scam where attackers use various techniques, such as caller ID spoofing and urgency tactics, to trick victims into revealing sensitive information. Understanding these vishing techniques is crucial to recognizing and preventing these deceptive...

Arsen Team

Sep 15, 2024

Vishing is a form of voice phishing where attackers use phone calls to trick individuals into revealing sensitive information. Unlike traditional email-based phishing, vishing exploits the trust people place in phone communications. Learn how vishing works and the strategies you...

Arsen Team

Sep 15, 2024

Catfishing is a form of online deception where individuals create fake identities to manipulate others. Learning how to identify catfishing is essential to protect yourself from these scams. This article reveals key detection techniques, such as analyzing profiles, recognizing evasive...

Arsen Team

Sep 15, 2024

Catfishing is a form of online deception where someone creates a fake identity to lure others into fraudulent relationships. This practice can involve emotional manipulation, financial scams, or social media impersonation. In this article, we explore the catfishing meaning, the...

Arsen Team

Sep 15, 2024

Spoofing is a deceptive cyberattack where criminals disguise themselves as trusted sources to steal sensitive information or spread malware. One of the most prevalent forms is email spoofing, where attackers forge the sender's address to trick recipients into taking harmful...

Arsen Team

Sep 15, 2024

Email spoofing is a deceptive cyberattack where hackers forge an email's sender address to appear as though it's from a trusted source. This tactic is often used in phishing schemes, business email compromises, and malware distribution, posing significant threats to...

Arsen Team

Sep 15, 2024

Email spoofing is a dangerous cyber threat that can compromise your organization’s security and reputation. Attackers disguise their emails to appear as though they come from a trusted source, often leading to data breaches, financial loss, and identity theft. In...

Arsen Team

Sep 15, 2024

At Arsen, we love Gophish. It’s by far the most comprehensive open-source solution for deploying phishing, whether for evaluation, training, or research purposes. That being said, GoPhish has numerous limitations that add significantly to the cost of use. Whether for your business or...

Thomas Le Coz

Oct 24, 2023

Phishing simulation tools have become the front line of defense in cybersecurity training. By mimicking real-life phishing attempts, these tools assess human vulnerability in digital landscapes. One such popular tool is GoPhish. However, as cybersecurity threats evolve, so too must...

Lïa Desmousseaux de Givré

Oct 17, 2023

A new feature has arrived on Arsen: multi-scenario campaigns. It allows you to use multiple phishing scenarios within a single campaign. The benefit? Stay realistic by not targeting all your employees in the same way. In fact, a hacker would prefer to...

Lïa Desmousseaux de Givré

May 5, 2023

Utiliser des scénarios polyvalents dans un [test de phishing](https://arsen.co/test-phishing) permet de cibler efficacement un large effectif avec peu de personnalisation. Une fausse alerte de sécurité vis-à-vis d’un compte Google peut par exemple cibler des personnes de services différents tout en restant...

Thomas Le Coz

May 5, 2023

An attack via USB drive, also known as USB Drop, is a danger that is still underestimated. USB drives are very effective in helping us store and transport small amounts of data. We use them regularly, and many people cannot...

Thomas Le Coz

Jan 4, 2023

At Arsen, we help businesses protect themselves against phishing. Part of this work involves simulating attacks on employees. We are therefore particularly attentive to real attacks that can be observed online in order to constantly update our simulations to be representative...

Lïa Desmousseaux de Givré

Jan 4, 2023

In this article, we will see how to customize a phishing test with Arsen. More specifically, what elements can be included in the email to have a realistic, personalized, and more or less difficult scenario? Before using Arsen, make sure you are...

Lïa Desmousseaux de Givré

Jan 4, 2023

Today, enough companies do not test, train, or sensitize their employees frequently enough to make the hacker profession attractive. By conducting a campaign once a year or every six months, you are not up to date on the ecosystem, threats, and...

Lïa Desmousseaux de Givré

Jan 4, 2023

When you want to test the resilience of your company to phishing attacks, you must choose certain parameters such as your targets, the type of campaign, or the scenario. A parameter rarely mentioned but which has a strong influence on the...

Lïa Desmousseaux de Givré

Jan 4, 2023

In this video, we explain [how to effectively raise awareness against phishing](https://arsen.co/blog/sensibiliser-efficacement-phishing). The objective of this awareness is to improve the behavior of employees in the face of attacks. An employee who is not properly sensitized is an integral part of...

Lïa Desmousseaux de Givré

Jan 4, 2023

Whether it's clicking on a malicious link or sending confidential data to a fake third party, if the threat is always external, 90% of effective cyber attacks involve an error resulting from human exploitation. It is based on this fact...

Lïa Desmousseaux de Givré

Jan 4, 2023

During a phishing simulation, you will retrieve behavioral data and be able to determine your level of resilience. But what are the results to observe following a false phishing campaign and how to exploit them?

Lïa Desmousseaux de Givré

Jan 4, 2023

Not all phishing emails are equal. When I ask someone what they think of a "phishing email," the descriptions are very varied. Among these descriptions, the level of difficulty, that is to say, how difficult it is to detect the fraud, also...

Lïa Desmousseaux de Givré

Jan 4, 2023

Click campaigns are now available on Arsen! When you schedule a phishing campaign, it is possible to do Credential Harvesting or a click campaign. If an employee clicks on the link during a credential harvesting training campaign, they will be redirected to...

Lïa Desmousseaux de Givré

Jan 4, 2023

After observing more than 30,000 phishing email simulations launched by the Arsen platform, we have drawn some lessons that we wanted to share.

Lïa Desmousseaux de Givré

Jan 4, 2023

Why conduct a fake phishing exercise? Phishing is the entry point for 91% of attacks*. The objective of phishing simulations is to prevent the hacking of your company in order to avoid financial losses.

Lïa Desmousseaux de Givré

Jan 4, 2023

In this article, I will show you in a video how, from a simple phishing email, we can bypass multi-factor authentication, also known as MFA or 2FA."

Lïa Desmousseaux de Givré

Jan 4, 2023

When a company adopts a new phishing simulation solution, the question often arises: "How often should I conduct phishing simulations?" The frequency of phishing simulations is a crucial parameter in the fight against phishing. However, some companies do not define it...

Lïa Desmousseaux de Givré

Jan 4, 2023

The risks associated with phishing are often underestimated. Many still believe that the consequences are limited to having to change a few passwords, scan their network, or even have a comprehensive security policy. However, as we will see, phishing can have...

Thomas Le Coz

Jan 4, 2023

The compromise of email addresses, or Business Email Compromise (BEC), is a popular attack aimed at compromising a company's mailbox for malicious purposes. The simplest monetization is generally to request a fund transfer from the corrupted address or a change...

Thomas Le Coz

Jan 4, 2023

Instagram is a highly popular social network, making phishing on the platform equally prevalent. According to the "Digital Report 2021" by Hootsuite and We Are Social, Instagram ranks fifth among the most downloaded apps with 1.221 billion active users. Notably,...

Thomas Le Coz

Jan 4, 2023

Discover the evolution of phishing attacks over time, from the first phishing attack to the most advanced attacks occurring today.

Alexandre Esser

Jan 4, 2023

It is not always easy to know the steps that follow a [phishing test](https://arsen.co/test-phishing). Many of our clients contact us initially for a phishing test and ask us what they should do once the results are collected. In this article, we...

Lïa Desmousseaux de Givré

Jan 4, 2023

In this article, we will analyze the process of a phishing test, from its setup to reporting. We will discuss framing, technical deployment, execution, and post-mortem of the exercise.

Lïa Desmousseaux de Givré

Jan 4, 2023

Did you know that SMS has an average open rate of over 95%? The definition of smishing is a digital attack through SMS that can have serious consequences. SMS marketing has become a strategy that many companies use. Unfortunately, hackers...

Lïa Desmousseaux de Givré

Jan 4, 2023

Managing numerous phishing campaigns takes time. That's why many of our clients share the various tasks related to phishing test management or scenario design. Our awareness platform allows you to create operator or spectator access to work as a team on...

Lïa Desmousseaux de Givré

Jan 4, 2023

A new variant of phishing has been observed lately, called Browser in the Browser (BitB). It is simply an attack aiming to deceive usual human detection techniques by generating a fake window inside a real window. Indeed, most of the time,...

Lïa Desmousseaux de Givré

Jan 4, 2023

Phishing is the entry point for 90% of cyberattacks today. This threat poses various risks to a company, including organizational, reputational, financial, and legal risks. It is therefore interesting to question how to assess the risk of a phishing attack for...

Lïa Desmousseaux de Givré

Jan 4, 2023

Instagram is a very popular social network, so it is logical that phishing on Instagram is just as popular. According to a study, "Digital Report 2021" published by Hootsuite and We Are Social, Instagram is the 5th most downloaded application...

Lïa Desmousseaux de Givré

Jan 4, 2023

The aim of your phishing campaigns is to get as close as possible to real attacks threatening your company in order to improve your resilience against them. Some hackers are increasingly focusing on the quality of their emails rather than...

Lïa Desmousseaux de Givré

Jan 4, 2023

Vishing, or voice phishing, is a form of phone scam where attackers impersonate trusted entities to trick victims into revealing sensitive information. In this article, we'll look at common vishing examples. Understanding these tactics can help you identify and protect...

Thomas Le Coz

Jan 4, 2023