Using phishing to test social engineering awareness of financial employees

Social engineering is the biggest security threat to financial institutions because it exploits the weakest link in any security system: the human element. It is proposed here that combining specialized training on social engineering followed by repeated audit tests will be more effective at lowering employee vulnerability than standard security training alone. This research developed a training module specializing in social engineering with an extra emphasis on phishing, then used phishing trials on financial employees to audit their awareness and knowledge of social engineering to determine if it lowers the vulnerability level to phishing attacks.