Blog :: Security Operations

Phishing Attack Training

01 October 2017: Click Click Phish is no longer available.

Last week we released a phishing attack training game called Click Click Phish after being inspired by Brian Krebs book “SPAM Nation“.  The goal of the free game is to educate email users of all ages on the dangers of phishing attacks and the associated sneaky strategies used by malware developers try and get users to click on infected links in the emails they receive. Once the machine is infected, it can be used to host illegal content, participate in DDoS attacks against other web sites or fall victim to local data theft. These sophisticated infections can steal information locally from the device carrying the virus or from other machines it may target on the internal network.

phishing attack training

The short tutorial in the game explains how the user needs to mouse over links to expose the link properties in the tool tip. During the game, the user is presented with a few emails that may or may not contain links that shouldn’t be clicked on. Players must evaluate the hyperlinks quickly in each email before the water in the fish tank drains. After the player evaluates an email, the fish walks through each link reviewed in the email and explains why the link was or wasn’t evaluated correctly. Points are deducted when mistakes are made and from the water draining from the tank. The tank is refilled with water at the beginning of each email being evaluated. At the end, the average score is calculated and the scores are logged to the players profile should he or she decide to register.

Phishing Attack Email

The email samples used in the game are actual emails from companies like Linkedin, Facebook, Craigslist, Apple and others. Because of this, many of the emails presented will look familiar to the average player. If a player is a member of a registered company, custom emails relating to the business can be uploaded and used in the games as well.

Registering Benefits

The game is completely free to guests but, there is an option to register at no cost. Registered individuals enjoy the benefits of monitoring their progress over time and participating in the competition to reach the highest score. Top players are proudly displayed at the end of the game. Registration also provides the option to be emailed at a selectable time frame to be reminded to play again at a later date. New emails are periodically added to the game by the administrators.

About Click Click Phish

The game was developed and is maintained by Plixer, a network incident response company located in Kennebunk, Maine. We are a leading threat detection and forensic evidence provider focused on engineering the very best system for uncovering unwanted communication behaviors. Rather than depending on packet signatures, our strategy uncovers unwanted communications by leveraging NetFlow, IPFIX, sFlow, and other derivative technologies. The company was built by network and system engineers who understand the need for massively scalable distributed collection solutions that meet the dynamic demands of security and network professionals. With over 2000 customers, their names include The Gap, Lockheed Martin, IBM, Columbia Sportswear and Polaris.