Key steps in making the most about phishing email tests

Aramco’s many organizations are actively encouraging employees to increase their phishing email awareness levels. The Computer Operations Department (COD) is one of the top performing departments when it comes to phishing email tests, scoring 0% negative behavior and high positive behavior for the April test. The COD has implemented multiple best practices to improve positive phishing email behavior within the department, including:

• The department manager monitors the phishing email test results closely and discusses them with division heads

• The division heads are provided with detailed test phishing email reports on their employees’ response

• The department’s information security analyst (ISA) targets employees who displayed neutral behavior by sending a specific awareness program to them and encouraging them to demonstrate positive behavior

• All chief position holders conduct “one-to-one neutral sessions” with the neutral behavior employees

• The Information Security Department sends a spear phishing test designed specifically for COD employees to let them practice phishing tests and recognize phishing indicators more easily.

IT employee Hasan A. Mashikhy among fastest to report phishing email

The “Call for Action - Ramadan COVID-19 Vaccine” email seemingly sent from the “Saudi Aramco Health Center” in April may have tricked some employees to click on the offer of fake information about an updated vaccine appointment. Hasan A. Mashikhy, however, immediately reported the email as spam. Mashikhy, a computer operations system specialist with the Network Infrastructure Management Group in the Communications Operations Department, remained vigilant and was among the first in the company to identify the email as a potential phish.

The email had all the hallmarks of a phishing email test, including:

• A suspicious domain (Health Center <healthcenter@aramco.cor>)

• An attractive subject (“Call for Action: COVID-19 Vaccine in Ramadan”)

• A large, bright red external tag (“PHISHING ALERT”)

• Odd phrasing (a capitalization error “ramadan”)

• A sense of urgency (“check and confirm urgently”)

• An embedded link (“Click Here”).

The top three positive performing organizations

1. Internal Auditing

2. Petroleum Engineering and Development

3. Information Technology

The Information Security Department would like to extend its gratitude and appreciation to the top three positive performance organizations for their noticeable efforts in scoring the lowest negative behavior; along with the highest positive behavior for the April test. Such efforts reflect positively on Aramco cybersecurity user behavior and elevates the resilience of the company’s core business.