All Collections
We already provide phishing training, do we need OnINBOX?
We already provide phishing training, do we need OnINBOX?

Will OnINBOX detect phishing tests?

Ivan Kovachev avatar
Written by Ivan Kovachev
Updated over a week ago

OnINBOX supercharges your phishing training by replacing the guesswork with expertise by pointing out the risks inside every email when it’s opened.  

You can’t train users to spot every kind of attack
With an ever-changing threat landscape today it’s no surprise that it’s constantly fooling machines, so we shouldn’t expect users to be able to do so. Whilst education is essential and a good start towards people-centric technology, it doesn’t immediately change behaviour. 

Training doesn’t immediately change behaviour
In practise, phishing training simply doesn’t work ‘out of the box’, by which we mean it can’t teach users to spot every kind of attack, or change deeply embedded behaviours such as clicking links or opening attachments. With phishing training alone the organization’s security is left to memory-based guesswork. It is also commonly reported that users are chastized for falling for fake phishing emails, which undermines the relationship between Security and the rest of the organisation creating a ‘blame and train’ culture. 

Supercharge your phishing training
Whilst phishing training doesn’t work ‘out of the box’ and can take some time to see individual changes in behaviours, OnINBOX works as an immediate visual counterpart which tells the recipient if they can trust the email they have just opened. This effectively improves the results of phishing training and constantly protects users by pointing out the hidden risks inside every email.

It is difficult to get a fair sense of OnINBOX's performance based on emails that are designed to look like phish but do not actually pose any risk. The links in the emails aren't actually of any real threat to the user (and are therefore not on any suspicious URL databases) and the emails have genuinely come from the ambiguous domains that they state they are from. This means that OnINBOX won’t flag fake phishing emails as threats with red indicators because they don’t pose any real threat.

Phishing simulations still hold some value when using OnINBOX. Phishing simulations can be used to test not only how a user behaves when OnINBOX detects something, but also when OnINBOX doesn't detect something.

Did this answer your question?