karriere.at tests employee phishing awareness

A Social Engineering Assessment by A1 Digital examines the potential for phishing emails and calls at Austria's most famous career portal.

karriere.at is Austria's largest career portal with up to 4.9 million monthly visits. 80 percent of Austrians are aware of karriere.at. The market leader in online recruiting connects suitable candidates with the best employers. Job-seekers can successfully find suitable jobs and companies on karriere.at and can also be discovered by employers. Interested parties also gain insights into the working world of companies on company profiles. The job advertisements reach thousands of job seekers and cover the individual recruiting needs of the companies easily and conveniently. Founded in 2004, the owner-managed company employs almost 190 people in Linz and Vienna.

Handling thousands of current job offers repeatedly presents karriere.at with the challenge of protecting this sensitive data and these services in the best possible way. Accordingly, karriere.at places great emphasis on security. To test how aware its employees are of a potential threat, and to raise their awareness of the danger, karriere.at opted for a social engineering campaign. The Social Engineering Assessment was commissioned from A1 Digital International GmbH, whose Offensity Security Monitoring already scans the web servers of the career portal for possible vulnerabilities.

As part of the two-pronged social engineering approach, a large group of people was split into staggered user groups and confronted with an email campaign aimed at accessing sensitive data (especially usernames and passwords) via fake websites. To do this, A1 Digital set up a phishing website to collect credentials and sent a phishing email to the target email addresses provided by karriere.at. The aim was to measure how employees responded to the e-mail, in order to assess and improve the phishing awareness of the employees concerned.

At the same time, phishing calls were made to four high-value targets: senior employees or people who hold sensitive customer information. The fake phone calls were aimed at obtaining in-house information or customer information and were made by an A1 Digital employee posing as an employee or customer. Finally, A1 Digital evaluated the data obtained from the Social Engineering Assessment and delivered the results as a PDF document, together with recommendations for further steps to minimise the identified risks as soon as possible.

“Only those who know their security status can meaningfully protect themselves and their employees against real phishing attacks and take effective countermeasures. As part of the realistic social engineering approach tailored to our company, A1 Digital has not only provided us with an exceptionally good data base, but has also provided us with detailed analyses and actionable items for the management level, which lead to appropriate training for our employees,” says Christoph Grabmer, Head of SysOps at karriere.at, who is very satisfied with the results of the Social Engineering Assessment.

“Only those who know their security status can meaningfully protect themselves and their employees against real phishing attacks and take effective countermeasures! As part of our company's tailored and realistic social engineering approach, A1 Digital has not only provided us with an exceptionally good data base, but has also provided us with detailed analyses and actionable items for the management level, which lead to appropriate training for our employees.”

Christoph Grabmer, Head of System Operations at karriere.at