Twitter Sends Fake ‘Phishing’ Emails to Test Cyber-security

On March 4th, 2015, posted in: small-business-IT

High-profile security breaches are a common occurrence these days, and for this reason many companies are taking action to make sure their employees don’t unintentionally put the company at risk of an attack.

With phishing emails becoming a widespread entry point for hackers, all it takes is one click on a fake link for an Amazon gift card to unleash malware into the company network, steal password/login information or provide other access to cyberthieves.

Who Falls for the Fake Emails?

To combat this risk, companies like Twitter Inc. are taking an unconventional path to educate employees about vulnerabilities within the company. It may come as a surprise to some that the greatest vulnerability within the company is the employees themselves.

A study by Online Trust Alliance recently found that more than 1,000 breaches in the first half of 2014 (90%) were preventable. More than 1 in 4 were caused by employees (often by accident).


Twitter Inc. and a rising number of companies are sending employees fake phishing emails to raise awareness and strengthen company security.

During a recent town hall meeting in NYC, Josh Aberant, postmaster at Twitter, said, “New employees fall for it all the time.” This fake internal “test” provides employees with a teachable moment to ensure that, when faced with a real threat, they will proceed with caution rather than falling victim to the next phishing email they receive.

What Would this Test Look Like?

Twitter isn’t the only company jumping on this unorthodox bandwagon. Wombat Security sent out an email to their employees with a subject that reads “Email Account Security Report – Unusual Activity.”

The employee receives an official-looking email stating their account may be locked due to unusual activity such as sending a large number of undeliverable messages. Toward the bottom of the email is a link that would infect the recipient’s computer with malware if this were a real phishing email.

When the link is clicked, a web page pops up stating, “The email you just responded to was a fake phishing email. Don’t worry! It was sent to you to help you learn how to avoid real attacks. Please do not share your experience with colleagues, so they can learn too.” The email then offered employees tips on recognizing suspicious messages in the future.

Do these Employee Tests Actually Work?

Nashville-based Pinnacle Financial Partners has sent employees fake phishing emails about once a quarter. Since the start of the Wombat program, they have seen a 25% drop in successful phishing attempts within their 800-employee company.

They reported “Workers take it very personally when they fall for it. They become apologetic and wonder, ‘how did I miss it’?”

Any Hope for the Future?

To combat this widespread threat on a greater scale, large internet-based companies like Facebook Inc., Microsoft Corp. and Google Inc. are in support of a standard that would make it impossible for scammers to impersonate your personal data (bank info, social network or other business-related details) in an email. This standard would be similar to a verification system for emails, but at this point this solution is still a long way off.
