<p>Security teams constantly worry about phishing scams. Of all the social engineering attacks, phishing is the most significant and effective.</p>
<p>Despite thorough guidance to help employees <a href=”https://www.techtarget.com/searchsecurity/feature/How-to-avoid-phishing-hooks-A-checklist-for-your-end-users”>avoid falling victim to phishing schemes</a> and technologies that help prevent many scams from ever reaching employees’ inboxes, phishing attacks continue to plague enterprises. Employees are tricked into revealing sensitive information they would not typically expose, including login credentials, sensitive information and company data. These attacks — usually delivered by email or on fake websites — are particularly potent because they often appear to originate from a trusted source, such as a coworker, financial institution or other business entity.</p>
<p>It’s important to understand phishing weaknesses before throwing another security awareness training at employees — that’s where Gophish comes in. This free and open source framework enables security teams to test how employees respond to potential phishing messages. It relies on a web-based UI for simplicity and clarity, making it compatible with Linux, macOS and Windows.</p>
<p>The tool was designed to help organizations identify training opportunities and strengthen their overall security postures. Its main uses are social engineering education and demonstration, <a href=”https://www.techtarget.com/searchsecurity/tip/Cybersecurity-employee-training-How-to-build-a-solid-plan”>cybersecurity awareness training</a> and penetration testing. Gophish is often part of a larger pen testing initiative because it can validate employee responses, including those that might serve as an entry point.</p>
<blockquote class=”main-article-pullquote”>
<div class=”main-article-pullquote-inner”>
<figure>
Gophish is often part of a larger pen testing initiative because it can validate employee responses, including those that might serve as an entry point.
</figure>
<i class=”icon” data-icon=”z”></i>
</div>
</blockquote>
<p>Let’s go over how to use Gophish to train users to avoid actual phishing attacks.</p>
<section class=”section main-article-chapter” data-menu-title=”How to install Gophish”>
<h2 class=”section-title”><i class=”icon” data-icon
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: