Every IT person knows the drill: alarm bells start clanging on your security monitoring software and the scramble starts. Once things calm down, either you approach the event-triggering user or they come and admit that "maybe that email was not legit." KnowBe4 LLC, based near Tampa Bay, wants the next bogus email one of your customers clicks on to be from them, not a hacker group. Their service/training system is labeled, "Human error. Conquered." That may be bold, but they will also keep the alarm bells from ringing so often.
The biggest security problem? People. They need training on how to filter the good emails from the bad. Left on their own, 4 out of 10 (technically 39 percent) admit to opening "suspicious" emails. Add in the other 25 or more percent who don't admit they do it, and you know that far too many users will fall for a well-written phishing email.
How to stop them? Training. That's what KnowBe4 offers, and the company's service provides a variety of ways to fool your clients (in a good way) so they won't get suckered by the bad guys.
Modern Phishing Tools with Console
The goal is simple enough: Send your users phishing emails that look real. When they click on a link in said emails, direct them to a landing page of your choosing. This beats the virus-laden landing page the hackers have waiting.
KnowBe4 includes a nice and respectful "Oops! You clicked on a phishing email," page. You can also redirect users to any page you want, such as our favorite option, a training video.
One famous, and still successful, phishing ploy is the "Change your password," trick. KnowBe4's email free trial allows you to send just such an email. Users hate changing passwords, and usually start cursing IT rather than thinking critically about whether this email looks fishy, er, phishy.
Will your clients fall for such an obvious ploy? You bet some will. In our test, 1in 3 clicked. KnowBe4 management told us their best sales tool is when an IT group asks to send phishing emails to their company executives. One or more almost always bites, and the purchase gets approved.
Phishing scammers have become incredibly clever, so your training must keep up. KnowBe4 includes about 125 phishing email templates in English, plus many in Chinese, Dutch, French, German, Italian, Spanish, and Swedish.
Template emails are organized by categories. The "Payment is past due," email template in banking will get many users attention, as will the "Unauthorized Activity Detected on Your Account," email. Security experts say fake LinkedIn emails get double the open rate of most phishing accounts, and KnowBe4 has one in the "Brand Knock-Offs" area for you to send, along with a couple of other LinkedIn messages. Current events? Imagine all the suckers, er, users, caught by the Facebook "dislike button" scam. You can send one and find out how resistant your clients are to that ploy.
KnowBe4 users can upload the phishing bait emails they create, and they're collected in the community section. So far there are about 50 in English and written for American users. Some are quite clever and convincing. Between the system templates KnowBe4 has written and contributions from other users, you should never run out of phishing emails to test your clients.
KnowBe4 will also track personal information users provide on the fake landing pages. You must use a short list of defined fields so KnowBe4 doesn't have to worry about holding your clueless user's data safely on their hosted site. But if a user provides their SSN or company password, you know that person needs some extra training beyond the basics.
Reselling this Service
You can't so much "resell" this service as much as charge per user per month for testing and training users under your protection. MSPs have been active in setting up tests for their customers, as have resellers. Or you can give admin rights to your clients and let their IT group manage their own phishing campaigns.
Of course, if you're still in the training business, this tool will fill security awareness classes without much trouble. KnowBe4 includes a 40 minute training video from Kevin Mitnick, but makes it easy to redirect your users to appropriate security policies, explanations, or full training videos. If you're not involved in training, you might reconsider when you see how many users under your care fall for these clever emails.
Some security experts believe phishing emails open the door to the most devastating data breaches. Whether you believe that or just want to stop customers from filling their computers with viruses, KnowBe4 should be your partner in user security testing and training.
Pricing and Availability
Pricing based on per seat / per month model, $10-15 depending on volume.