Simulated Smishing and USB Attacks

Evaluating Susceptibility to Malicious SMS/Texting and Infected Media Devices

Our SmishGuru® and USBGuru® simulated attack tools can help you gauge your employees’ understanding of the dangers associated with smishing (SMS/text phishing) and USB attacks. These unique assessments can protect your corporate systems from malware, spyware, and other dangerous software.

Our mock attacks help you establish a baseline measurement of how vulnerable your organization could be to dangerous and pervasive social engineering threats. SmishGuru and USBGuru utilize a scientifically proven methodology to collect detailed information about your organization’s vulnerabilities, which allows you to plan and focus your future efforts.

These simulated attacks also prime your employees to learn how to avoid actual attacks. Any employee who falls for a SmishGuru or USBGuru mock attack is automatically presented with a Teachable Moment, which explains the situation and provides practical guidance and tips for future reference. This approach — which pairs simulated attacks with just-in-time teaching — is an excellent forerunner to our interactive training modules because it motivates and engages your employees. Our data has shown that employees who fall for a mock attack are up to 90% more likely to complete follow-up training.

Key Benefits of SmishGuru

• Allows you to safely expose your employees to smishing techniques and gauge vulnerabilities. This exercise is particularly important for BYOD organizations whose employees have more freedom on their mobile devices.
• Mitigates the risks your organization faces from careless use of smartphones.
• Provides multiple customizable text messages that are sent directly to your employees’ mobile phones.
• Delivers brief, practical tips via customizable Teachable Moments (see below) when an employee falls for a mock attack.
• Gathers actionable data to finely target future employee training.
• Gets employees thinking about best practices and how to respond to future threats.
• Sets the stage and makes employees more receptive to in-depth training about social engineering attacks and mobile device security.

Key Benefits of USBGuru

USBGuru allows you to test employees on a pervasive and dangerous threat vector: infected removable memory devices. You use our cloud-based interface to easily create a custom executable file with a brief training message embedded in the file. The file is then loaded onto USB devices that can be randomly placed throughout your organization — just waiting to be plugged in.  

• Allows you to safely introduce your employees to the concept of infected media drives and gauge vulnerabilities. This is an important exercise given the continued expansion of the Internet of Things (IoT) and connected devices.
• Delivers brief, practical tips via customizable Teachable Moments (see below) when an employee plugs in a pre-planted USB device.
• Gathers actionable data to finely target future employee training.
• Gets employees thinking about best practices and how to respond to future attacks.
• Sets the stage and makes employees more receptive to in-depth training about social engineering attacks and data protection.

Teachable Moments

Employees who fall for a SmishGuru or USBGuru simulated attack are automatically presented with a unique Teachable Moment. This just-in-time teaching approach is a great way to set the stage for future in-depth training and motivates employees to learning best practices and exhibit safe behaviors.

The customizable, 15- to 30-second Teachable Moments alert employees about the mock attack, explain the dangers associated with real attacks, and give practical advice and tips they can use to avoid future traps. You can select from three different teaching methods: 

• Single-panel comic strip
• Multi-panel illustration (USBGuru only)
• Customizable landing page

If they don’t wish to use Wombat Teachable Moments, SmishGuru administrators have the option to route users to internal messaging or training products.

Training: The Next Step

Our mock attacks are most effective when paired with our interactive training. These 10- to 15-minute educational modules offer brief but focused training about key security topics introduced to your employees during your simulated attacks. Education is a logical and effective next step, and our training is based on proven Learning Science Principles that lengthen knowledge retention and drive behavior change.

Connecting these components of our Assess, Educate, Reinforce, Measure methodology can dramatically improve the efficacy of your security awareness and training program. Integration between mock attacks and education has been shown to increase completion rates five- to tenfold. Our data has shown that employees who fall for mock attacks are up to 90% more likely to complete follow-up training. By taking advantage of this opportunity to integrate simulated attacks and training, you can significantly improve the efficacy of your program and further reduce your risks.