SafeUser Malicious Messages Exercises

The most effective solution for raising cybersecurity awareness for non-technical users.

The increase in millions of malicious email messages reaching users in all kinds of organizations daily is a recognized and unstoppable trend. Despite technical security measures such as email filters or firewalls, cybercriminals still manage to get some of their messages through to users. For these cases, SafeUser has developed a solution that allows for effective and economical training of an entire workforce.

How does the SafeUser malicious message simulator work?

The SafeUser malicious message simulator is a gamified activity presented to users in the form of interactive slides. Each user accesses these individually through an online learning platform.

It is entirely focused on presenting users with various types and examples of email and SMS messages. This requires participants to make specific decisions based on each scenario.

Based on the action selected, the simulator informs the user whether they have made the right decision through approval or error messages. These feedback mechanisms encourage the user to aim for correct responses and achieve the green success screen.

The user is then shown a brief explanation of why their decision was correct or incorrect. In this case, for example, the image shows the user that, if they had improperly downloaded an attachment, the files would have been encrypted and rendered unusable.

Finally, to ensure the exercise is complete, the user is asked to identify the elements that reveal the malicious nature of each message.

Participants will earn badges after correctly identifying appropriate actions and elements that characterize malicious messages.

Based on user interactions with the presented message cases, the platform provides statistical tracking that allows for monitoring the accuracy and errors made by each user. These tracking reports are available on screen and can also be downloaded in different formats such as Excel or CSV for further analysis.

Although SafeUser develops multiple versions of the simulator based on current malicious messages, there’s also an option to create specific versions tailored to organizations that include it into their digital security awareness activities.

This means the simulator can be customized to suit the unique context and needs of each organization. For instance, a banking institution may need different examples of malicious messages compared to a public entity in the judicial sector or an industrial sector company.

What advantages does the SafeUser simulator offer compared to campaigns that send simulated phishing messages?

In the article “Are phishing simulations effective?”, we addressed the drawbacks of phishing simulation campaigns. The simulator provides solutions to the main drawbacks associated with attack simulation campaigns.

Ensuring that the entire staff interacts with the messages. Because the SafeUser simulator is deployed through a platform, it’s possible to ensure that all members of an organization will complete the practice exercises. The completion of the activity won’t depend on the workload, the number of emails to review, or the personal interests of the users.

On the other hand, with phishing simulation campaigns, it may be the case that many recipients of the simulation may not interact with the exercise at all due to the reasons given above.

Technical simplicity. The deployment of the SafeUser simulator is technically very simple. It only requires sending a communication to the staff, providing them with the access instructions and offering a brief explanation. As the simulator is highly user-friendly, it is often clear what to do at each step along the way.

In contrast to phishing simulations, the simulator doesn’t require any effort to set up cybersecurity protection systems or many of the complex tasks associated with simulations.

Detailed reports. Because the simulator ensures that all users of an organization will have the opportunity to perform the practice exercises, the statistical information is much more representative in terms of correct decisions, as we know these choices are made consciously.

Positive impact on people. From a human resources perspective, reception by the staff is potentially more positive because the exercise is conducted in a controlled and predictable environment.

Is the simulator compatible with other cybersecurity awareness activities?

Increasing digital security protection that depends on user behaviors cannot be achieved through isolated actions. The SafeUser simulator can be deployed in combination with other activities such as online courses, internal communications, reminders, posters, and even targeted phishing simulations.

The simulator is particularly compatible with the SafeUser online course as it allows users to apply what they’ve learned in a safe and controlled environment
.