Cyberdise AG

The Psychology of Phishing Attacks

Have you watched the film "The Great Hack"? It is a must-watch for insights into the psychology behind phishing attacks.

Psychology and Phishing Attacks

Phishing attacks rely heavily on psychological tricks, which is why understanding these tactics is so important for cybersecurity awareness. Nearly half (47%) of the breaches analysed in the IBM Cost of a Data Breach Report 2024 began with an attack on people rather than on systems: compromised credentials, phishing, business email compromise or social engineering [1].

The main psychological tactics in phishing:

1. Emotional Manipulation. Phishers tap into emotions like fear, curiosity and trust to prompt hasty actions. For example, an urgent message from a "bank" might trigger panic, while a promise of rewards can pique curiosity.

2. Cognitive Biases. We are all prone to biases, and phishers know it. From overconfidence ("I'd never fall for a scam") to authority bias (trusting messages from "important" figures), these biases make us more vulnerable. Scroll down to read more about cognitive biases.

3. Social Engineering. Phishers leverage techniques like reciprocation (creating a sense of obligation) and social proof (implying that "everyone else is doing it") to persuade victims to comply.

What we recommend:

1. Recognize Vulnerabilities. Understanding our psychological vulnerabilities helps us stay alert. It is usually our emotions, not our technical knowledge, that phishers exploit.

2. Master the Basics to Identify Legitimate Messages. You need to know the basics that allow you to tell a legitimate message from a forged one. Does the message come from someone you know? Does the sender's actual address, not just the display name, belong to a domain you know and trust? As a minimum, you need to know how email addresses are structured and which sender domains your organisation trusts.

3. Effective Training. Training programs should go beyond technical skills. We recommend running phishing simulations.

4. Cognitive Approach. Encourage System 2 thinking (slow, deliberate and logical thinking, which requires more cognitive effort [2]): take a moment to pause and evaluate a message before acting. This simple step can prevent impulsive, risky actions.

5. Cultivate a Secure Culture. Building a culture that values security encourages vigilance. When employees feel safe reporting suspicious emails, organisations become more resilient.

The psychology behind phishing attacks is a global issue, affecting individuals and organisations across borders. To deepen our understanding of these tactics, our team is participating in Black Hat Saudi Arabia this year. The event offers a perspective on the latest global cybersecurity threats that we believe will be valuable for our European readers. Stay tuned for key takeaways by following Cyberdise on LinkedIn.

What are the most common cognitive biases exploited in phishing scams?

Here is a look at the top biases used in phishing attacks, so you can recognise and resist them:

1. The Halo Effect. When we trust a person, brand or organisation, we are more likely to trust messages associated with them. Phishers exploit this by posing as well-known companies or trusted entities. The Halo Effect appears in 29% of phishing attacks, making it one of the most commonly used biases in social engineering [3]. Be cautious of unexpected messages from "trusted" sources, even if they seem familiar.

2. Hyperbolic Discounting. Humans naturally prefer immediate rewards over future benefits, which makes "limited-time offers" and free coupons effective bait. Scammers use this bias to entice quick clicks, knowing that the promise of an instant reward often clouds judgment. This technique appears in 28% of phishing attacks [4], so take a moment before acting on a tempting deal.

3. Curiosity Effect. Curiosity is a double-edged sword. Phishers know this and lure victims with intriguing subject lines or "secret" information; exclusive offers and teasers exploit the same bias, which drives 17% of phishing attacks [5]. Approach curiosity-inducing emails with caution.

4. Authority Bias. We tend to trust messages from authority figures or high-ranking officials without question. Scammers impersonate CEOs or government officials and leverage that trust to push victims into action. Always verify the authenticity of urgent messages from authority figures through a second channel.

5. Recency Effect. This bias causes us to give extra weight to the latest information we have encountered. Phishers take advantage of it by referencing current events or recent company news, making their messages feel timely and relevant. Stay vigilant by cross-checking unexpected messages against verified sources.

Other cognitive biases in phishing [6]:

- Loss Aversion: threats of "account suspension" prey on our fear of loss, nudging us to act impulsively.
- Optimism Bias: scammers offer fake "great opportunities", knowing we often underestimate risks.
- Scarcity Bias: phishers create urgency by claiming limited availability to make offers feel more valuable.

Educating yourself and your team on these psychological tricks can significantly reduce vulnerability to phishing attacks [7]. Recognising these biases helps us slow down, think critically and act with security in mind.

Want to try using psychology to phish someone? Our Freemium Edition offers fully customisable phishing email simulations for you to try on your friends, family or co-workers. Fill out the form and get installation instructions right away. Or, to strengthen your team's security toolkit, take advantage of our Black Friday discount on the Cyberdise Premium editions: advanced phishing simulation tools and customisable training modules that address both the technical and the psychological aspects of phishing.

We look forward to sharing more cybersecurity insights, news and updates with you in the upcoming editions of this newsletter.
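Recommendation 2 above (know how an address is structured and which sender domains you trust) is easy to state and easy to get wrong, so here is the check written out. This is an added example, not Cyberdise code: the trusted-domain list and the sample headers are constructed for the illustration, and the homoglyph table is deliberately small (a production check would use a full confusables table). It separates the display name from the real address, accepts only exact matches or subdomains of a trusted domain (so `example.com.evil.net` does not pass), and flags visual lookalikes such as `paypa1.com`, `exarnple.com` or a domain containing a Cyrillic letter.

```python
import unicodedata
from email.utils import parseaddr
from typing import Optional

# Sender domains this (constructed) organisation trusts. An assumption for the
# example; in practice the list comes from your own mail configuration.
TRUSTED_DOMAINS = {"example.com", "paypal.com", "bank.example"}

# Characters that pass for ASCII letters in common fonts: digits plus a few
# Cyrillic homoglyphs. Deliberately small; see Unicode TR39 for a full table.
_HOMOGLYPHS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y",
})


def sender_domain(from_header: str) -> Optional[str]:
    """Domain of the real address in a From: header. The display name
    ("IT Support <...>") is ignored: it is free text chosen by the sender."""
    _display_name, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def skeleton(domain: str) -> str:
    """Reduce a domain to a visual skeleton so that lookalikes collide."""
    s = unicodedata.normalize("NFKD", domain)
    s = "".join(ch for ch in s if not unicodedata.combining(ch))
    s = s.lower().translate(_HOMOGLYPHS)
    return s.replace("rn", "m").replace("vv", "w")


def is_trusted(domain: str) -> bool:
    """Exact match or a subdomain of a trusted domain. A plain endswith()
    on the string would wrongly accept 'example.com.evil.net'."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a From: header."""
    domain = sender_domain(from_header)
    if domain is None:
        return "invalid"
    if is_trusted(domain):
        return "trusted"
    sk = skeleton(domain)
    for t in TRUSTED_DOMAINS:
        tk = skeleton(t)
        if sk == tk or sk.endswith("." + tk):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, not real mail.
    samples = [
        "IT Support <helpdesk@example.com>",
        "PayPal <service@paypa1.com>",
        "example.com Security <alerts@example.com.evil.net>",
        "Bank <alerts@b\u0430nk.example>",
        "Payroll <hr@exarnple.com>",
    ]
    for header in samples:
        print(f"{classify_sender(header):10} {header}")
```

The display name is where most spoofing happens, which is why the check never looks at it: a header reading `example.com Security <alerts@example.com.evil.net>` is classified as unknown, and a lookalike verdict is the cue to verify through a second channel rather than reply.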
[1] IBM, Cost of a Data Breach Report 2024, Figure 7. Cases attributable to a lack of employee awareness: 16% compromised or stolen credentials, 15% phishing, 10% business email compromise and 6% social engineering. Together, 47% of all breaches begin with an inexperienced, gullible or careless employee.
[2] Kahneman, D. (2011). Thinking, Fast and Slow. New York: Farrar, Straus and Giroux.
[3] LinkedIn: "Mind Games: How Hackers Exploit Your Brain with Cognitive Biases".
[4] Blog: "[INFOGRAPHIC] 9 Cognitive Biases Hackers Exploit the Most".
[5] Security Magazine: "Cybercriminals Exploit These Cognitive Biases the Most".
[6] VentureBeat: "Phishing Attacks Exploit Cognitive Biases, Research Finds".
[7] SC World: "The Five Most Popular Cognitive Biases That Result in Phishing Attacks".

Cyberdise Version 2.1 – Enhanced Security and Usability Features

Release V2.1.0

New Features

1. File-Based Attacks. Campaign operators can now include HTML files in phishing simulations, either as email attachments or as links on websites. Download activity is tracked in the campaign statistics, giving insight into which users open files they did not expect.

2. O365 Incident Reporting Plugin: Report-a-Phish Button. The new Report-a-Phish button integrates with Microsoft 365/Outlook so that users can report suspicious emails with one click. Reported emails can be routed to designated mailboxes and forwarded to your SOAR environment or sandbox for further analysis.

3. Azure AD Synchronization. A new option, Azure, has been added to the user import feature. Operators can apply custom filters and set up periodic user synchronization from Azure AD, similar to the existing LDAP sync.

4. Azure SMTP Delivery. Cyberdise now supports email delivery through Azure's SMTP infrastructure. Select Azure as the delivery method and save the settings.

5. SSO Settings: SAML 2.0. SAML 2.0 is now available in the SSO (Single Sign-On) settings, allowing users to authenticate through their existing identity provider across platforms.

6. Clear Stats Button in Campaigns. A Clear Stats button has been added to the campaign statistics section. Upon confirmation, all statistics associated with the campaign are cleared.

7. "Forgot Password" Functionality. Users who have trouble accessing their accounts can now reset their password through an email verification process.

Improvements

Updated RESTful API Documentation. The RESTful API documentation has been updated with detailed guidance for developers integrating with Cyberdise.

For any questions or further assistance, please contact our support team.

Added features or functionality in this release:
- Clear stats button in campaign
- File-based attacks: file templates
- File-based attacks: server support
- File-based attacks: module configuration
- File-based attacks: internal logic
- File-based attacks: statistics
- File-based attacks: HTML template
- Incident analysis: SMTP endpoint
- O365 Incident Reporting plugin
- Incident settings: plugin settings for O365
- "Forgot password" functionality
- SSO Settings: SAML 2.0
- Azure Apps Integration
- Azure AD Synchronization
- Azure SMTP Delivery

Changed functionality or features in this release:
- Documenting RESTful API

Fixed bugs (version 2.1):
- Generic issues: none
- Misc.

Cyberdise Version 2.0 – Elevated Security and User Management

Release v2.0

New Features

1. LDAP User Import. Integrate your existing user database with the new LDAP User Import feature. Operators can import users over LDAP(S) from directory services such as Microsoft Active Directory (AD) and Microsoft Azure. LDAP filters can be configured to sort imported users into different groups.

2. LDAP User Synchronization. Keep your user database up to date with LDAP User Synchronization. Changes in your LDAP directory are automatically reflected in Cyberdise, maintaining consistency and saving administrative time. The synchronization runs every 24 hours. Users who no longer exist in Active Directory are removed from their group.

3. Two-Factor Authentication (2FA). Two-Factor Authentication requires users to verify their identity through a second method in addition to their password, reducing the risk of unauthorized access to the operator interface.

4. Dynamic User Addition in Running Campaigns. Users can now be added to an already generated plan in a running campaign. Add new users manually or import them via CSV or LDAP without interrupting the campaign.

5. Reported Incident Overview Page. The new Reported Incident Overview page provides a centralised view of all reported incidents. The plugin for submitting incident reports will be delivered in the next version of Cyberdise.

Improvements

Pagination. The improved pagination system makes browsing and managing large datasets smoother.

Multi-Domain Support for Sending Emails. When using the internal delivery method you can use multiple sender email domains. Any domain assigned to the instance (preregistered, owned or leased) can be used.

Light and Advanced Navigation Menu. The navigation menu has been revamped for better usability: Light Mode shows only the essential features, Advanced Mode exposes fine-tuning options for experienced users. Realm management is also more convenient, with all Realm entities managed from one page.

Start Checks Improvement. The Start Checks feature has been optimised for better performance. Progress is shown with a progress bar on the campaign overview page, and start checks can be aborted if needed. This makes the initiation of campaigns faster and more reliable.

MSPs can now store billing information for end customers. With the improved realm management (sub-tenants), managed security service providers can store billing information in the description field. This billing data can also be retrieved via the API.

Tooltips Improvement. Enhanced tooltips are now available across the platform, providing more contextual information and guidance.

Individual branding of the solution and content. Thanks to feedback from customers and partners, realms (sub-clients) can now be individually and fully white-labelled. All training content will also be available without Cyberdise branding in the near future [3].

For any questions or further assistance, please contact our support team.

[3] Applies to the Business, Premium and MSP Editions of Cyberdise. Available from October 2024.
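The synchronization rule in feature 2 above (directory changes are mirrored, users missing from the directory are removed from their group) is a set difference, but the removal half needs a guard: a failed bind, a mistyped LDAP filter or a wrong base DN all return an empty or much smaller result, and a naive sync would then remove the whole group. The reconciliation below is an added example, not Cyberdise code. The `User` key attribute, the removal threshold and the sample data are assumptions made for the illustration; the release notes do not say which attribute Cyberdise keys on or whether it applies such a guard.

```python
from dataclasses import dataclass, field
from typing import List, Sequence


@dataclass(frozen=True)
class User:
    # Key on an immutable directory attribute such as objectGUID rather than the
    # email address, which changes on rename. Which attribute Cyberdise uses is
    # not stated in the release notes; this is an assumption of the example.
    uid: str
    email: str
    display_name: str


@dataclass
class SyncPlan:
    add: List[User] = field(default_factory=list)
    update: List[User] = field(default_factory=list)
    remove: List[User] = field(default_factory=list)
    aborted: bool = False
    reason: str = ""


def plan_sync(local: Sequence[User], directory: Sequence[User],
              max_removal_fraction: float = 0.5) -> SyncPlan:
    """Diff the local group against a directory query result.

    Users present in the directory but not locally are added, changed users are
    updated, and users missing from the directory are removed. Two guards (an
    assumption added here, not a documented Cyberdise behaviour) refuse to act
    when the directory result looks wrong: an empty result, or a removal set
    larger than max_removal_fraction of the group."""
    local_by = {u.uid: u for u in local}
    dir_by = {u.uid: u for u in directory}
    if local and not dir_by:
        return SyncPlan(aborted=True, reason="directory returned no users")
    plan = SyncPlan()
    for uid, user in dir_by.items():
        if uid not in local_by:
            plan.add.append(user)
        elif local_by[uid] != user:
            plan.update.append(user)
    plan.remove = [u for uid, u in local_by.items() if uid not in dir_by]
    if local and len(plan.remove) / len(local) > max_removal_fraction:
        return SyncPlan(aborted=True,
                        reason=f"{len(plan.remove)} of {len(local)} users would be removed")
    return plan


# Constructed sample data standing in for the local group and an LDAP result.
LOCAL = [
    User("a1", "alice@example.com", "Alice Adams"),
    User("b2", "bob@example.com", "Bob Brown"),
    User("c3", "carol@example.com", "Carol Clark"),
]
DIRECTORY = [
    User("a1", "alice@example.com", "Alice Adams"),
    User("b2", "bob@example.com", "Bob Brown-Smith"),  # renamed since last sync
    User("d4", "dave@example.com", "Dave Davis"),      # new hire
]   # Carol has left and no longer exists in the directory

if __name__ == "__main__":
    plan = plan_sync(LOCAL, DIRECTORY)
    print("add:", [u.uid for u in plan.add],
          "update:", [u.uid for u in plan.update],
          "remove:", [u.uid for u in plan.remove])
```

An aborted plan should surface as an operator alert rather than a silent no-op, since the next scheduled run 24 hours later will hit the same misconfiguration.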

Cyberdise Version 1.9 Enhanced Control & Security

Release v1.9.0

Key Features

1. IP Address Range Limits. The landing page can now be configured so that it is reachable only from specific IP address ranges, instead of being freely available to everyone on the Internet. Multiple ranges can be specified, each as a single IP address, an IP address range or a CIDR block.

2. Campaign Start Checks. Before launching a campaign, Cyberdise now performs an extended, optional list of checks to ensure the campaign runs smoothly. The checks identify potential issues in advance and improve both the reliability and the performance of campaigns.

3. Send Training Diploma as PDF. In addition to the hyperlink for viewing a training diploma online, the diploma can now be sent as a PDF file, so users can download, save and print it for personal records, professional portfolios or sharing with employers and educational institutions.

4. REST API Documentation. Cyberdise now provides comprehensive documentation for its RESTful API, with explanations of endpoints, parameters, authentication methods and response formats, so developers can build custom solutions, extend functionality and integrate Cyberdise into their workflows.

5. Operator GUI in German. Cyberdise has been localised into German. The user interface, instructions and content can be viewed in German, expanding accessibility for German-speaking users.

6. Data Masking for Collected Data. A new configuration option masks data submitted during phishing simulations before it is stored in the database, reducing the risk of exposure and keeping the collected data confidential. Full anonymisation remains possible.

7. LDAP(S) Configuration. This feature enables integration with LDAP(S) servers for user management. In future versions this will allow automated handling of user data, keeping a Realm's user information consistently up to date across your systems.

8. Enhanced Information for Workstation Instance Administrators. SuperAdmins now see more detailed information on the license overview page: license edition, license limitations, license end date and the number of users belonging to each tenant.

9. License Management Enhancements. Building on the multi-tenancy feature released in version 1.6, license management has been upgraded: each installation can have multiple licenses allocated, each tenant within an installation has its own separate license, and system administrators can assign and unassign licenses to specific tenants within an installation.

10. Automatic Update on Campaign and Program Dashboards. The campaign and program dashboards now refresh automatically, so users always see the latest campaign progress and program details without reloading the page.

For any questions or further assistance, please contact our support team.
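Feature 1 above accepts three entry formats (single address, first-last range, CIDR). The parser and access check below are an added example of how such an allowlist is evaluated, not Cyberdise's implementation; the entry strings and client addresses are constructed for the illustration. Two details matter for security: a CIDR entry with host bits set (`192.0.2.5/24`) is rejected rather than silently widened to the whole /24, and the address checked must be the connection's peer address, not a client-supplied header, unless a trusted reverse proxy sets that header.

```python
import ipaddress
from typing import Iterable, List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def parse_allowlist(entries: Iterable[str]) -> List[Network]:
    """Parse allowlist entries given as a single address, a 'first-last' range,
    or CIDR notation, and return a collapsed list of networks."""
    nets: List[Network] = []
    for raw in entries:
        entry = raw.strip()
        if not entry:
            continue
        if "-" in entry:
            first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            if first.version != last.version or first > last:
                raise ValueError(f"bad range: {entry!r}")
            nets.extend(ipaddress.summarize_address_range(first, last))
        else:
            # strict=True (the default) rejects '192.0.2.5/24': host bits set
            # usually means a typo, and silently widening the entry to the whole
            # /24 would expose the landing page to more clients than intended.
            # A bare address becomes a /32 (or /128) network.
            nets.append(ipaddress.ip_network(entry, strict=True))
    # collapse_addresses only accepts one address family at a time
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def is_allowed(client_ip: str, allowlist: List[Network]) -> bool:
    """True if client_ip lies inside any allowlisted network. Pass the peer
    address of the TCP connection here; only trust X-Forwarded-For when a
    reverse proxy you control is the one setting it."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in allowlist if net.version == ip.version)


if __name__ == "__main__":
    # Constructed configuration using documentation address ranges.
    allowlist = parse_allowlist([
        "203.0.113.7",                      # single address
        "198.51.100.10-198.51.100.20",      # range
        "192.0.2.0/24",                     # CIDR
        "2001:db8::/32",                    # IPv6 CIDR
    ])
    for client in ("203.0.113.7", "198.51.100.21", "192.0.2.200", "2001:db8:1::1"):
        print(client, "allowed" if is_allowed(client, allowlist) else "denied")
```

Collapsing the list is cosmetic for a handful of entries but keeps the per-request check cheap when an operator pastes in a long corporate egress list with overlapping blocks.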

New Cyberdise templates for phishing simulations – Content April 2024

Over thirty new templates for phishing simulations are now available for download.

Training alone is not enough. The majority of successful cyber-attacks start with a phishing email that an employee did not recognise. That is why it is essential that all employees take part in phishing simulation training. Such a simulation is far more realistic than any e-learning and helps to keep staff attentive.

You do not need an endless supply of phishing simulations for healthy awareness. No company needs 500 templates or more, but the templates should be up to date and relevant. That is why Cyberdise has been creating new phishing exercise templates since the beginning of 2024. These module templates help the Cyberdise operator to create a phishing simulation campaign quickly, and every template can be adapted to the individual needs of the company. Including the company's own context in a simulation matters, because real phishing attacks are becoming more and more tailored.

Please note that it hardly ever makes sense to build a phishing exercise so convincing that too many employees fall for it. In that case the educational and awareness-raising effect is lost.

Templates for phishing simulations, April 2024

The following phishing simulation templates are now available for download in Cyberdise and can be used in phishing campaigns. Multilingual templates for phishing exercises:

- Account Password Change: the user is asked to change their password to safeguard their account.
- Account Security Alert: the user is asked to upgrade their email account because of a server upgrade.
- Amazon Account Verification: to ensure account security, users must verify their account by logging in.
- AMAZON: login verification: customers are asked to complete a security verification for logging in.
- Apple Account Verification: "We suspect that an unauthorized individual has gained access to your account."
- Booking.com Verification Account: the user is asked to confirm that they want to keep a reservation because the payment was unsuccessful.
- ChatGPT Account Creation: the user is asked to install a Chrome add-on.
- Dropbox Corporate Policies: the user's employment agreement has been updated to incorporate the latest company policies.
- Facebook Restricted Account: the user is asked to review their content to avoid an account restriction.
- Generated Message Activate Now!: the user is asked to follow the given steps to activate APD Single Sign-On.
- Hyperlink: Account Security Alert: the user is asked to update their account now.
- Hyperlink: Generated Message Activate Now!: the user is asked to update their account now.
- Hyperlink: New Banking Security Alert: the user is asked to confirm their account.
- Hyperlink: Password Check: the user is asked to verify their password.
- Hyperlink: System Maintenance: the user is told to expect scheduled system maintenance tomorrow.
- Hyperlink: Your Account is Locked: the user is asked to deal with a detected compromise of their account.
- LastPass Update Account: the user is asked to update their account because of suspicious activity.
- LinkedIn Account Verification: the user must verify their LinkedIn account to prevent fraud.
- MS Teams Invitation: the user is notified that three participants are waiting for them in a meeting.
- Netflix Membership Cancellation: the user is notified that their Netflix account has been cancelled.
- New Banking Security Alert: the user is asked to log in to their account to enable a new security update from their bank.
- Password Check: the user is asked to check their password strength as part of the company's regulatory compliance.
- PayPal Verification Account: the user is asked to verify their PayPal account.
- Pending Invoice: the user is prompted to click a link to view and download an unpaid invoice. The download attempt is tracked in the statistics.
- Slack Email Verification: the user is asked to re-verify their email address.
- System Maintenance: the user is asked to confirm that they are prepared for all systems to be offline for maintenance.
- Twitter Restricted Account: the user is told their account has been temporarily blocked because of potential security risks and needs immediate attention.
- Verify Your GitHub Account: the user is asked to verify their email address.
- Who uploaded this to Droptbox: a document posted publicly on Dropbox is available for download. After authenticating on the page, the user can download an empty file. The file download is not tracked.
- Win an iPhone 15: the user has been selected as one of ten lucky winners of a brand-new Apple iPhone.
- Your Account is Locked: the user is told that their account has been compromised and can be unlocked via the link.

Cyberdise Version 1.7 Introducing Programs and Whitelabel Features

Key Features of Cyberdise Version 1.7:

1. Programs. With the introduction of "Programs", Cyberdise changes how cybersecurity training is organised. Programs consolidate campaigns into cohesive units, simplifying the management of comprehensive courses. Each Program comprises a series of campaigns and integrates different modules, helping organisations build a robust defence strategy while fostering a culture of cyber awareness among employees.

2. Whitelabel. Version 1.7 introduces Whitelabel capabilities, so that businesses can tailor the platform to reflect their own brand identity, reinforcing trust and cohesion within their ecosystem.

3. UI Localization. In response to global demand, Cyberdise Version 1.7 is now available in French, making the platform easier to navigate and understand for Francophone users.

AI Phishing Simulation by Cyberdise Awareness Takes Off

[Press Release]

Right on time for the InCyber Forum in Lille, Cyberdise Awareness Solutions presents new functionality that makes it even easier to conduct efficient, individual phishing and smishing exercises. The Swiss start-up strengthens its business operations in France.

Zug, March 24, 2024 – Swiss company Cyberdise AG, a provider of AI-based software and training in the field of cybersecurity awareness, unveils the latest features of the Cyberdise Awareness Appliance at the InCyber Forum in Lille.

Cyberdise Secures Companies

Cyberdise enables companies to develop, measure and enhance their employees' security awareness. Strengthen a "human firewall" with simulated attacks and use Cyberdise's e-learning platform, its cybersecurity chatbot and its pre-configured, customisable videos, trainings and quizzes. The fully multi-tenant platform can also be operated on premises or in the company's own cloud.

Cyberdise at InCyber Forum Europe

The 16th edition of the InCyber Forum takes place from March 26 to 28 at the Lille Grand Palais. Cyberdise showcases the brand-new version 1.7 of its cybersecurity awareness solution at booth G3-6 in the Swiss Pavilion. https://europe.forum-incyber.com/en/home-en/

New Features at a Glance

Version 1.7 of Cyberdise allows operators to create individual spear-phishing or smishing messages with the help of AI and send them to employees. Individual awareness campaigns can now be combined into entire programs. This version also introduces fully separate multi-tenancy, a central capability for larger companies and security service providers, and the ability to customise the entire solution with one's own design.

Expansion of Sales Activities into Francophone Regions

The young Swiss company has expanded its sales activities to France, Italy, Germany and the USA within seven months. Competent partners and distributors are currently being sought for the sales network.

Palo Stacho, Founder of Cyberdise AG: "Cyberattacks have increased especially in the French-speaking region. Moreover, AI has made real attacks smarter and much more efficient – with Cyberdise, we respond to this new challenge. Our simulations correspond to this new reality, which no company should ignore."

About Cyberdise

Cyberdise was founded in 2023 by a group of experienced founders from the cybersecurity awareness industry to bring better solutions to the market for security awareness training and testing (SAT). Cyberdise is a comprehensive, AI-equipped platform that enables a company's employees to be trained and tested against cyber risks on an ongoing basis. The company is headquartered in Zug, Switzerland. For more information, visit www.cyberdise-awareness.com

Contact
Palo Stacho
Cyberdise AG
Poststrasse 26, 6300 Zug, CH
+41 41 5117810
palo.stacho@cyberdise.io