Tool tests for phishing-attack gullibility
- 31 July, 2007 09:41
Do your company's employees seem like easy dupes for e-mail phishing attacks and other scams? A vulnerability-assessment tool from Core Security Technologies lets you set up automated tests to find out.
Impact 7.0 lets you set up automated spear-phishing attacks and other types of e-mail-based threats, record how targeted users react to the bait, and collect the results in reports for review. It also can check users' desktop applications for vulnerabilities and need for patch updates.
"With Impact, you can model a spear-phishing attack, and find out which users will click on embedded e-mail that fools them with a 'You've won a vacation prize,'" says Will Aguilar, senior product manager.
The vulnerability-assessment tool's Client-Side Rapid Penetration Test offers a selection of templates to set up simulated social-engineering attacks, including a hidden Trojan horse that users might be duped into installing.
The social-engineering testing component augments Impact's vulnerability-assessment capabilities for server and desktop applications and operating systems.
Impact 7.0, expected to ship by the end of August, starts at US$25,000.