Free Enterprise - The FindLaw Small Business Law Blog

Send Fake 'Phishing' Emails to Test Employees?

Some employers are sending fake "phishing" emails to test their employees' safe computing practices. Should you do it too?

One of the most popular fake "phishing" emails pictures a Turkish Angora cat with a purple mohawk and the subject, "Check out these kitties! :-)" The email includes an attachment or link promising more feline photos. But workers who click it get a surprise: A warning from their IT departments not to open such emails, reports The Wall Street Journal.

Why are employers doing this? Because many realize that it's not foreign hackers who cause the most harm to their networks and databases. Instead, it's employees who open suspicious emails and unwittingly invite viruses onto work computers.

While these fake phishing emails may seem like a lot of effort just to teach your employees a simple lesson (i.e., don't open unknown emails or attachments), there may be some validity to using such methods. For example:

  • Getting caught red-handed may be more memorable than a training session. Many workers listen to a presentation on a topic like cybersecurity and think to themselves that it will never happen to them. But the reality is that we do occasionally open these emails whether out of boredom, curiosity, or sloppiness. By getting caught red-handed, you have a stark reminder that it can happen to you.

  • Realistic tests show how "phishing" works in real life. Some less computer-savvy workers may not understand exactly why it's so risky to open attachments or click on email links. By going through this fake "phishing" exercise, these employees can learn first-hand what not to do.

  • Such tests may encourage your workers to be more careful. Just realizing that someone is watching and monitoring employees' Internet use may instill fear and cause workers to be more careful with their email and web-browsing activities on the job.

The company behind the fake cat "phishing" email, PhishMe Inc. of Virginia, says about 3.8 million workers have received the cat email in their inboxes. Such exercises can reduce an organization's risk of falling for "phishing" scams by about 50% in the first six months, according to PhishMe's website.
