Testing the Effectiveness of Phishing Attacks on Reply All Staff

TLDR The host tests the effectiveness of phishing attacks on the staff of Reply All, successfully impersonating the host and tricking a coworker into almost falling for a phishing attempt. Even with two-step verification, the host and boss of Reply All fell for phishing emails, demonstrating that anyone can be vulnerable to these attacks.

Timestamped Summary

00:00 The host wonders about the effectiveness of phishing attacks and decides to test it on the staff of Reply All.
04:15 Daniel successfully impersonates the host and tricks a coworker into almost falling for a phishing attempt.
07:53 Daniel's impersonation of the host tricks a coworker into almost falling for the phishing attempt. Although the host himself didn't fall for it, Daniel was still able to gather information about him.
11:21 Even with two-step verification, you can still fall victim to phishing attempts, as demonstrated when the host clicked on a phishing email impersonating Google Drive and entered their password and two-factor authentication code.
14:25 The hacker was able to gain access to the host's Gmail account by forwarding their username, password, and two-factor authentication code from a fake page to the real Gmail login page. The server used for this phishing attempt was based in New York.
18:22 The team discusses their previous phishing test and how they want to find a way to demonstrate that even smart people can get phished.
22:24 Matt Lieber, the boss of Alex and Daniel, fell for the phishing test in just 41 seconds, confirming that anyone can be vulnerable to phishing attacks.
26:45 Matt Lieber fell for a phishing email that appeared to be from Alex Goldman, which asked him to log into his Gimlet account to view a PDF, and despite some initial suspicion, he ultimately fell for the scam.

#97 What Kind Of Idiot Gets Phished?
by Reply All
