The recent trend in helping organizations protect their users against threats is to perform some sort of automated spear phishing attack.  Services like PhishMe, WombatSecurity and countless others are popping up, claiming to offer two major benefits: Provide usable metrics for the organization to track security awareness  Train users close to the event to protect themselves more effectively against attacks.   This is known “embedded” training While the first is incredibly useful, it’s the second that has always seemed fishy …

Read more »