BattlePhish™
Add transparency, gamification, and a new perspective to phishing simulations
If you can send phishing emails, you can run a battle!
It begins with defining
Two Teams
Team A, and Team B.
It can be a random split, by department, or in any way you wish.
Much more than a novelty, it fosters conversations, connections, and critical thinking.
Stage 1 - The Vote
Each team votes on which phish to send to the opposing team.
And what could be better than your colleagues willingly studying phishing emails, trying to decide which would be most likely to trick them?
Stage 2 - Educate
Everyone likes to learn they’re gifted at something! And this good feeling can be used to educate.
This email also links back into my Ask&Do framework, for consistency of terminology.
Key BattlePhish™ Principles
Build transparency. You’re less likely to resist future simulations when you’ve had a go yourself.
It brings it to life. It’s not a theoretical scammer you might get tricked by, it’s a very real danger, and it’s coming from someone you walked past earlier.
It gives opportunities to hand over knowledge - everyone wants to learn why they’re good at something.
Run your own battle!
If you can send out simulated phishing emails, you can run your own battle! Why not create a trophy, and make it a yearly event.
Google Forms, Typeform, these are all ways you can collect votes for little or no cost.
An example of Typeform being used to collect votes