Onboarding info for new MailRisk users

When the MailRisk button suddenly appears in the Outlook app for your colleagues, it is important to tell them what this shiny new button is all about. Here is a suggested way to go forward.

We recommend all customer who are getting started with MailRisk to perform an onboarding exercise involving phishing simulation. In practice, this involves us sending a forged email to all new users, which in reality is an "authorized" phishing attempt.

Our goal is however not to see how many people are tricked by the scam email. On the contrary, we would like as many as possible to find it suspicious, and click the MailRisk button!

Read more: Four Steps to Have Employees Report Security Incidents

To let people get familiar with the MailRisk button, and the purpose of our phishing simulation, it is important to offer some information via email or intranet up front. To support you in doing this, we have proposed an info text which you can feel free to copy, completely or in part:

New button in Outlook

Have you ever received suspicious emails in your inbox? You are not alone.

Sometimes it is not as easy for everyone to decide whether the email can be trusted or not. Therefore, we need some help from you, and that's why you have received a new button in Outlook.

Click the MailRisk button if you are uncertain, or would like to help others!

The button opens up a small window to guide you through an assessment of the email, and you can easily ask for further assistance if needed.

At the same time, your suspicion can be used to quickly detect attemts of hacking and scams directed at your company. Your use of MailRisk can in other words both help yourself and your colleagues.

NB! To allow as many as possible to try out the button in practice, we are going to send you a simulated phishing email in the coming days.

The phishing email will try and trick you to clicking an unknown link or attachment. If you find anything suspicious, we are asking you to try and click the MailRisk button – and not simply delete the email!

For more detailed information about how the MailRisk button works, you can copy from or direct you users to our end user introduction guide: https://securepractice.co/guides/mailrisk-intro

It could also be a good idea to profile the MailRisk movie on your intranet or internal social network at work. In this case, use the following embed code:

<iframe src="https://player.vimeo.com/video/243921586?color=ffffff&title=0&byline=0&portrait=0" width="640" height="360" frameborder="0"></iframe>

As you understand, with MailRisk we offer an effective service to send out simulated phishing emails, and an integrated solution which makes it all an engaging and positive experience.

Fortunately, the work needed to get people on board is very manageable, and not much effort is required. But the value returned by people getting involved in enterprise security in this way is indeed very valuable!

Continue reading

Simulated phishing: How to design a suitable scam

How do you prepare the most effective phishing email to serve the goal of your exercise? In the third part of this series on simulated phishing, we describe various approaches to designing phishing content.

How to succeed with security behavior change

To stay safe online, people need to care more about the security decisions they face every day. But unless the obvious gains obviously exceed the required effort, change is often avoided. Luckily, behavior change in general has been subject to a lot of research, and here are some takeaways for information security professionals.

Simulated phishing: Communications strategy

How do you prepare an organization for you to try and trick them? In the second part of this series on simulated phishing, we provide the outline for a communications plan.

See all posts →

Human security sensors ebook cover

Ready to get started?

We have written a guide for you to get started with human-centered security. Access our free resource now, and learn:

  • How to nurture drivers for employee engagement
  • How to avoid common obstacles for reporting
  • Practical examples and steps to get started

Download free PDF →