SafeUser malicious message simulator

The most effective solution for cybersecurity awareness for non-technical users.

The increase in the millions of malicious messages arriving daily by e-mail to users of all types of organizations is a recognized and unstoppable trend. Despite technical security measures such as email filters or firewalls, cybercriminals still manage to get some of their messages through to users. For these cases, SafeUser has created a solution that allows to “train” an entire workforce effectively and economically.

How does the SafeUser malicious message simulator work?

SafeUser’s malicious message simulator is a gamified activity that is presented to the user in the form of interactive slides that each user accesses individually through an online learning platform.
Unlike an online course, the simulator does not contain explanations or theory. It is entirely oriented to present users with different types and examples of e-mail and SMS messages on which the participants must make concrete decisions.

Depending on the selected action, the simulator will indicate to the user whether he has made the right decision by means of pass or fail reactions that motivate the user to try to get it right and get the green hit screen.

The user is then shown a brief explanation of why the decision he/she made was correct or incorrect. In this case, for example, the image shows the user that, if he or she had improperly downloaded an attachment, the files would have been encrypted and rendered unusable.

Finally, in order for the exercise to be complete, the user will be asked to select the elements that allow the recognition of the malicious nature of each message.

Another element of gamification consists of obtaining badges in cases where the participant gets the right action and the elements that characterize the malicious messages right.

Based on users’ interactions with the message cases presented to them, the platform offers statistical tracking that allows monitoring the hits and misses made by each user. These tracking reports are available on screen and can also be downloaded in different formats such as Excel or CSV for further processing.

Although SafeUser develops multiple versions of the simulator based on current malicious messages, there is the possibility of creating specific versions for organizations that incorporate it into their digital security awareness activities.

In other words, the simulator can be customized according to the context and specific needs of each organization. For example, a bank may require different examples of malicious messages than a public entity in the field of justice or a company in the industrial sector.

What are the advantages of the SafeUser simulator compared to campaigns for sending simulated phishing messages?

In the article on “Are phishing simulations any good?” we discussed the drawbacks of phishing simulation campaigns. The simulator provides solutions to the main drawbacks of attack simulation campaigns.

Ensure that the entire workforce interacts with the messages. Because the SafeUser simulator is deployed via a platform, it is possible to ensure that all members of an organization will perform the practical exercises. Performing the activity will not depend on the workload, the number of emails to be reviewed or the personal interests of the users.

On the other hand, in phishing simulation campaigns, it may happen that a large part of the recipients of the simulation do not interact with the exercise at all due to the reasons given above.

Technical simplicity. The deployment of the SafeUser simulator is technically very simple. It is enough to send a communication to the staff, provide them with the access instructions and offer a brief explanation thanks to the fact that the simulator is highly usable and it is very clear what to do at each step.

In contrast to phishing simulations, the simulator does not require any effort to set up cybersecurity protection systems or many of the complex tasks involved in simulations.

Detailed reports. Because the simulator ensures that all users of an organization will have the opportunity to perform the practical exercises, the statistical information is much more representative in terms of success, because we know that the right decisions have been made consciously.

Positive impact on people. From a human resources point of view, the reception by the staff is potentially more positive due to the fact that the exercise is conducted in a controlled and predictable environment.

Is the simulator compatible with other cybersecurity awareness activities?

Increasing digital security protection that depends on user behaviors cannot be achieved through isolated actions. The SafeUser simulator is one of the resources that can be deployed in combination with other activities such as online courses, internal communications, reminders, posters and even targeted phishing simulations.

The simulator is particularly compatible with the SafeUser online course because it allows you to put into practice what you have learned in a safe and controlled environment.