Today we are happy to release to the public: http://phish5.com
Simply, Phish5 is Phishing as a service. It allows a fairly unsophisticated user to phish users in her organization, quickly, easily and from the comfort of her own browser.
Why would we do this ?
In the past year, a host of high profile news organizations were phished, and then publicly spanked. The attack that compromised the AP's twitter account [Verge] even led to a visible dip on the Dow.
If you talk to security folks, they will quickly dismiss Phishing attacks with a trite: "Educate your users"
Unfortunately, in any reasonably sized organization, this is not a trivial task & learning requires constant reinforcement. Phish5 exists to help with this.
A super short registration process, and users can enter a list of victims, create phishing mails, create phishing pages and track results. The whole process should take less than 5 minutes!
Phish5 means that you can track peoples behaviour changing over time.
- Is Edward from HR just not getting it? (He seems to have been phished in the last 2 campaigns).
- Why does Edna always login to fake OWA pages?