2nd Annual Phish Throwdown Contest Results

Share Now


The results are in… and we have a winner! After much deliberation among our panel, we’re pleased to announce Gareth Stanyon as our 2nd Annual Phish Throwdown winner. Gareth’s email “Corporate Information Security Breach” addressed a recipient who supposedly violated company policy regarding social media use. To respond to the allegations, the email directs the recipient to click on a link. The email is personalized with the recipient’s name, organization, and department.

This entry stood out as a realistic and persuasive (who isn’t going to think about clicking on a page to defend themselves against a possible violation of company policy?), and stands as a most worthy winner. While Gareth’s submission was excellent, that’s not to say we didn’t receive other solid contenders.

Highlighting some of the best submissions was one detailing actions a recipient should take in the wake of a high-profile retail breach (with a link leading to a phony log-in page, of course), and another that sent the recipient an attachment with medical lab results using the name of the recipient’s spouse. While both of these created compelling and original phishing scenarios, both submissions unfortunately used copyrighted brand material, a clear violation of the contest rules. We made this practice against the rules because it can undermine the legitimacy of a phishing exercise by creating unnecessary confusion and can also possibly lead to legal problems. The Army learned this lesson the hard way back in March, which we discussed in an earlier blog. The truth is clever scenarios like the submissions we received don’t need to employ copyrighted material to be successful, as recipients will still fall for a well-crafted email even without actual logos and brand names.

We’d like to thank everyone who submitted an entry; you all made our Phish Throwdown a success again. We continue to be amazed at the clever ideas that we receive, and really enjoyed reading all of the entries.


Read More Related Phishing Blog Posts


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on wpml.org as a development site.