McAfee Phishing Quiz
McAfee Confidential—Internal and Partner Use Only
Use the Phishing Quiz to educate your own organization, prospects, and existing
customers about phishing and how McAfee security solutions can help. This guide will
walk you through how to plan and run an outreach initiative step by step.
Activity Summary
• Find prospects with a desire to assess their organization’s vulnerability to phishing attacks
• Provide a custom URL to the customer contact for their internal distribution of the Phishing Quiz
• Work with your McAfee Account Manager to analyze results
• Follow up with the customer to present results and discuss how McAfee solutions can provide better protection
Technologies to Position as Anti-Phishing Solutions
• McAfee Email Protection with scan-time and click-time protection
• Anti-malware engines (reputation services, antivirus, emulation, and sandboxing/static code analysis via Advanced Threat Defense)
Step 1: Plan Your Activity
Contact Customers/Prospects
To run this campaign, begin by reaching out to a customer or prospect and propose that they distribute the Phishing Quiz in their organization as a security education exercise. Typically a CSO, or another role responsible for educating the organization in general or on cyber threats specifically, is the ideal contact for gaining buy-in.
Often, organizations either have to build education tools like this on their own or contract a third party to come in and run them. The Phishing Quiz is provided as a free tool, which immediately adds value to your engagement.
Begin the conversation with an introduction such as this:
“Email Phishing is a major threat to the security of every business. Did you know that over 95% of attacks on organizations like yours are the result of successful spear phishing? I bring this up because awareness around this topic is extremely important to keeping you safe. We have a tool we’d like to share with you that can gauge your organization’s ability to detect phishing attacks. Your employees can take our quiz, and we’ll analyze the data with you to see how susceptible your business is. It’s as simple as sending out one URL to everyone you want to take the quiz. Would you like to give it a shot?”
Create a Custom URL
To track results for a specific organization or group taking the quiz, you will need to create a custom URL. If you do not need to track results, simply use: https://phishingquiz.mcafee.com/
Steps to create custom URL
1. Create a unique identifier using [Last Name+Date], e.g. Smith10May2014
2. Append it to https://phishingquiz.mcafee.com/home/, e.g. https://phishingquiz.mcafee.com/home/Smith10May2014
3. Do not use the same URL for more than one organization or group.
Character limitations for custom URLs
• Allowed characters: upper-case letters, lower-case letters, and digits only (ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789)
Step 2: Run the Quiz
Provide Email Template to Customer Contact
Provide the following template or similar as an example of the email your customer contact can send to their internal employees:
Subject Line: Test Your Skills – Learn How to Detect Email Phishing Attacks
Targeted email attacks are a major threat. It only takes one email, sent to the right target at the right time, to be successful. So successful that the SANS Institute claims most cyber-attacks start with this methodology:
“95% of all attacks on enterprise networks are the result of successful spear phishing.” -Alan Paller, Director of Research, SANS Institute, 2013
We want to help you better prepare for dealing with malicious email attacks by understanding your skill level in spotting them, and teach you how to steer clear of some of the highly-effective phishing techniques currently being used.
McAfee, part of Intel Security, has provided us with a tool to test out our skills in detecting phishing emails. Use the link below to take the quiz!
[Insert custom URL]
[Sign off]
Confirm Distribution and Completion of Quiz
Confirm with the customer contact that the email has been sent out within their organization. After about 3-5 days, the majority of responses will be in, and you can move on to the next step.
Step 3: Gather and Interpret Results
Pull Data from Phishing Quiz
Contact your McAfee Account Manager and share your unique URL. They will pull the quiz data, and provide a spreadsheet of the results for you to analyze and calculate metrics as outlined below.
• Average Score
o =SUM(column F) / total count of respondents
• Score Frequency (i.e. how many score 90%)
o Sort column F, and total each score level (0-100) by count
o Divide each score level count by total count of respondents to determine, for example, “X% of employees scored 90%”.
• Individual Question Difficulty
o =SUM(question column) / total count of respondents
o Note that this gives the Percentage Correct. Enter =1-[your result] to calculate the Percentage Incorrect.
• Percentage who missed at least 1 phishing email (failed)
o Filter all phishing question columns (H, I, J, L, N, O, P) to read “1” to reveal the count of respondents who identified every phishing email correctly.
o Subtract this count from the total count of respondents, then divide by the total count of respondents to get the % who missed at least one phishing email.
• By Country, Company Size, Job Role
o Sort by column Q, R, or S and total each category. For country, aggregate into GEOs (NA, EMEA, APAC/JPN, LATAM).
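The spreadsheet steps above can also be scripted once the Account Manager has exported the results, which avoids hand-built filters and makes the numbers repeatable across customers. The following is an added example, not McAfee's own tooling. It follows the column letters the guide uses (F = score, H–P = per-question results with H, I, J, L, N, O, P being the phishing emails, Q/R/S = country, company size, job role); the assumption that H–P are the only question columns, the country-to-GEO mapping, and the CSV rows are all constructed for the demo.

```python
"""Step 3 metrics computed from an exported Phishing Quiz result sheet.

Added worked example, not McAfee tooling. Column letters follow the guide:
F = overall score (0-100), H..P = per-question results (1 = correct, 0 = incorrect),
with H, I, J, L, N, O, P the phishing emails (so K and M are the legitimate ones),
Q = country, R = company size, S = job role. The CSV below is constructed sample data.
"""
import csv
import io
from collections import Counter, defaultdict

SCORE_COL = "F"
QUESTION_COLS = ["H", "I", "J", "K", "L", "M", "N", "O", "P"]  # assumption: H..P are the questions
PHISHING_COLS = ["H", "I", "J", "L", "N", "O", "P"]            # from the guide's filter step
GEO = {"US": "NA", "CA": "NA", "BR": "LATAM", "MX": "LATAM",    # assumed country-to-GEO map
       "DE": "EMEA", "GB": "EMEA", "JP": "APAC/JPN", "AU": "APAC/JPN"}

# Constructed sample export; the header row uses the sheet's column letters.
# The score in F is taken as exported and not recomputed from the question columns.
SAMPLE_CSV = """F,H,I,J,K,L,M,N,O,P,Q,R,S
100,1,1,1,1,1,1,1,1,1,US,1000-5000,IT
90,1,1,0,1,1,1,1,1,1,DE,100-500,Finance
80,1,0,1,1,1,1,0,1,1,JP,5000+,Sales
70,0,1,1,1,0,1,1,1,0,US,100-500,Finance
90,1,1,1,0,1,1,1,1,1,BR,1000-5000,IT
"""


def load_rows(csv_text: str) -> list[dict]:
    """Parse the export and coerce score and question cells to integers."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    for r in rows:
        r[SCORE_COL] = int(r[SCORE_COL])
        for c in QUESTION_COLS:
            r[c] = int(r[c])
    return rows


def average_score(rows: list[dict]) -> float:
    return sum(r[SCORE_COL] for r in rows) / len(rows)


def score_frequency(rows: list[dict]) -> dict:
    """Fraction of respondents at each score level, e.g. {90: 0.4} reads '40% scored 90%'."""
    counts = Counter(r[SCORE_COL] for r in rows)
    return {score: n / len(rows) for score, n in sorted(counts.items())}


def question_difficulty(rows: list[dict]) -> dict:
    """Per question column: (percentage correct, percentage incorrect)."""
    out = {}
    for c in QUESTION_COLS:
        correct = sum(r[c] for r in rows) / len(rows)
        out[c] = (correct, 1 - correct)
    return out


def pct_missed_any_phish(rows: list[dict]) -> float:
    """Share of respondents who mis-identified at least one phishing email (the 'failed' metric)."""
    all_correct = sum(1 for r in rows if all(r[c] == 1 for c in PHISHING_COLS))
    return (len(rows) - all_correct) / len(rows)


def breakdown(rows: list[dict], col: str, mapper=None) -> dict:
    """Count and average score per category of column Q, R or S; mapper folds values (e.g. countries into GEOs)."""
    groups = defaultdict(list)
    for r in rows:
        key = mapper(r[col]) if mapper else r[col]
        groups[key].append(r[SCORE_COL])
    return {k: (len(v), sum(v) / len(v)) for k, v in sorted(groups.items())}


def by_geo(rows: list[dict]) -> dict:
    return breakdown(rows, "Q", lambda country: GEO.get(country, "OTHER"))


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    print("average score:", average_score(rows))
    print("score frequency:", score_frequency(rows))
    print("question difficulty:", question_difficulty(rows))
    print("missed >= 1 phishing email:", pct_missed_any_phish(rows))
    print("by GEO:", by_geo(rows))
    print("by job role:", breakdown(rows, "S"))
```

Replace SAMPLE_CSV with the exported sheet (saved as CSV with the column letters as the header row) to reproduce the guide's metrics; the "failed" metric in particular is the one customers tend to react to, since a respondent who scored 90% may still have clicked the one phishing email that mattered.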
Step 4: Follow Up and Create a Sales Opportunity
After you have run your campaign, gathered your data and interpreted it, you should now schedule a follow up meeting with your customer. Here are some key topics to cover:
Quiz Results
Participants rarely score a perfect 100 on the quiz. This provides ample opportunity to highlight key emails which were the most difficult, and the tactics used in each. Share performance by job role for additional insight. In many instances we see varying performance across departments. Even security professionals score an average of 70% on this quiz.
If you start at the quiz summary page (https://phishingquiz.mcafee.com/summary) you can click on the most missed emails and review the questions with the customer. You can also go through 7 Tips to Avoid Being Phished, also available via the summary page.
McAfee Products and Anti-Phishing Differentiation
To turn this campaign from an educational exercise into a sales opportunity, begin by discussing the current state of email security your customer has deployed, especially the aspects of their existing solutions that are geared towards anti-phishing.
The key turning point in these discussions should come from uncovering that the customer is doing X to stop phishing attacks, but that this is not enough, because these attacks use tactics such as delayed URL infection (a link that is clean when the email is scanned and is pointed at malicious content only after delivery) and advanced malware. McAfee is the only vendor to combine click-time scanning and advanced malware detection to protect businesses from attacks using these tactics. These are the strongest points of differentiation from competitive products in relation to phishing.
Several examples in the Phishing Quiz can guide the conversation towards the two McAfee technologies that provide these capabilities: ClickProtect, a feature of McAfee Email Protection, and McAfee Advanced Threat Defense.
ClickProtect
• To guide the conversation towards the value of click-time malware scanning, navigate from the summary page to Question 4: eFax and Question 7: Wells Fargo. These two examples show the end-user experience when ClickProtect is turned on, for a malicious and a safe email respectively.
• Make the point that without this technology, scanning the content behind email links only as the email enters the network will not stop attacks that change that content from safe to malicious after the email is sent. Many other vendors provide no protection past the point at which an email is initially scanned. Without click-time scanning you have a “ticking time bomb” scenario: an email sits in an end user's inbox waiting for its link to be clicked. McAfee runs a GTI URL reputation check and a Gateway Anti-Malware scan on every link at the moment it is clicked, which has been proven to stop over 95% of zero-day malware (AV-Test).
• Use this as a key differentiator to convey the value of McAfee Email Protection over existing solutions. Demonstration videos can be found on the “Learn About Anti-Phishing Tech” page as well.
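To make the scan-time versus click-time distinction concrete for a technical contact, the following added example sketches the generic mechanism behind click-time protection: links are rewritten at scan time to point at a gateway, and the original URL is judged only when the user actually clicks. This is illustrative code, not McAfee's ClickProtect implementation; the gateway host, the HMAC signing key, the reputation feed and the sample email are all assumptions constructed for the demo.

```python
"""Scan-time link rewriting plus click-time evaluation (generic sketch).

Added example, not McAfee's ClickProtect code. GATEWAY, SIGNING_KEY, the reputation
feed and the email body are assumptions constructed for this demonstration.
"""
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlencode, urlsplit

GATEWAY = "https://clickgw.example.internal/redirect"  # assumed click-time gateway endpoint
SIGNING_KEY = b"per-tenant-secret-change-me"            # assumed secret known only to the gateway
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def _sign(url: str) -> str:
    return hmac.new(SIGNING_KEY, url.encode(), hashlib.sha256).hexdigest()


def rewrite_links(body: str) -> str:
    """Scan time: every link is replaced by a gateway link carrying the original URL and an HMAC.
    The HMAC stops anyone from minting gateway links to arbitrary targets (open-redirect abuse)."""
    def wrap(match: re.Match) -> str:
        url = match.group(0)
        return f"{GATEWAY}?{urlencode({'u': url, 'sig': _sign(url)})}"
    return URL_RE.sub(wrap, body)


def resolve_click(gateway_url: str, reputation: dict) -> tuple[str, str]:
    """Click time: verify the signature, then judge the ORIGINAL URL against the feed as it is now.
    Returns (verdict, detail); verdict is 'allow' or 'block'."""
    qs = parse_qs(urlsplit(gateway_url).query)
    if "u" not in qs or "sig" not in qs:
        return "block", "malformed gateway link"
    url, sig = qs["u"][0], qs["sig"][0]
    if not hmac.compare_digest(sig, _sign(url)):
        return "block", "signature mismatch (tampered link)"
    if reputation.get(urlsplit(url).hostname, "unknown") == "malicious":
        return "block", url
    return "allow", url


def delayed_weaponization_demo() -> dict:
    """Replays the 'ticking time bomb': the link is clean at scan time and malicious by click time."""
    mail = "Your fax is ready: http://efax-notice.example.net/view?id=4411"  # constructed sample
    host = "efax-notice.example.net"
    feed_at_delivery = {host: "clean"}
    feed_at_click = {host: "malicious"}  # the host is weaponized hours after delivery
    # A scan-time-only gateway decides once, on the feed as it stood at delivery.
    scan_time_verdict = "block" if feed_at_delivery.get(host) == "malicious" else "allow"
    delivered = rewrite_links(mail)  # what actually lands in the inbox
    gateway_link = URL_RE.search(delivered).group(0)
    click_time_verdict, _ = resolve_click(gateway_link, feed_at_click)
    return {"scan_time": scan_time_verdict, "click_time": click_time_verdict}


if __name__ == "__main__":
    print(delayed_weaponization_demo())
```

The demo returns scan_time "allow" and click_time "block": the same message passes a delivery-time check and is stopped only because the verdict is re-evaluated at the click. The signed token is the part practitioners should insist on in any click-time design; without it the gateway becomes an open redirector that an attacker can point at any destination.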
Advanced Threat Defense
• To guide the conversation towards McAfee Advanced Threat Defense, navigate from the summary page to “Learn How McAfee Can Help”, where you will find a basic primer on ATD and its integration with McAfee Email Gateway. Use this as a starting point.
• Discuss with the prospect how deep their current anti-malware capabilities go when detecting malicious files in email. Few, if any, will match the analysis performed by ATD and Email Gateway, which uses a process of down-selection: first removing the bulk of malware with Global Threat Intelligence reputations and signatures, then multiple antivirus engines (including a third-party engine), then emulation by the Gateway Anti-Malware Engine, and finally static code and dynamic (sandbox) analysis. Emails containing malware are blocked before they ever reach an inbox.
• If a customer is not scanning files with static code and dynamic analysis (sandboxing), the core functionality of ATD, they are not going to stop advanced targeted attacks using highly sophisticated malware. Pull assets from www.mcafee.com/atd to supplement the discussion.
At any point during or after these conversations, do not hesitate to involve your McAfee Account Manager, who can assist with conveying the value proposition of these solutions and help tailor an offering that best fits your customer.