The title of this article was supposed to be “Top 10 Free Phishing Simulators”. However, after much searching, trying, visiting of broken links, filling out forms and signing up for mailing lists, it became clear that the combination of “free” and “top” really narrows down the selection to very few actual choices for phishing training. The final list does not include any of the fishy (pardon the pun) apps that let you create a fake website for collecting data. Nor are we including any of the free managed campaigns offered by so many now popular phishing services. We wanted to focus on tools that allow you to actually run a phishing campaign on your own, i.e. create and send at least one phishing email to a real recipient.
Basically, if you are looking for a free phishing simulator for your company, you are down to three choices:
- Simple tools that will allow you to craft a simple email message and send it to one or several recipients using a specified mail server. Features like reporting or campaign management are often not an option, making them more like penetration testing tools than phishing simulators.
- Open-source phishing platforms. This is a growing and interesting category, which makes up the majority of our list. With open-source, you get all the usual benefits, such as feature-rich free versions and community support. But all the usual shortcomings are there as well: tools like this usually require some significant technical skills to install, configure, and run. Additionally, most of them are Linux-based. So, if words like “missing dependencies” don’t sound like an alien tongue, then this category may be of interest to you. Otherwise, there is the third choice.
- Demo versions of commercial products. The majority of commercial phishing simulators are offered as software-as-a-service (SaaS). (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Andrei Antipov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/1oyEeUVj4p0/