The winner of our inaugural Double Barrel Throwdown is @_tdudley. Her scenario leveraged curiosity: posing as a recruiter, the email entices the recipient to click a link to find out about a lucrative job opportunity. This original idea was persuasive (who isn’t curious about an exciting job opportunity?) and realistic (recruiters send out emails like this all the time to corporate email addresses). Overall, the decision was not easy, but her entry stood above the rest when judged against our criteria: originality, persuasiveness, and realism.
It is worth noting that we had two close runners-up, one dubbed “Big Nerd Training” and the other dubbed “Great Places to Work For.” The creator of Big Nerd did a great job of researching this one, applying many of the tactics that our Highly Visible Target Identifier uses to help our customers develop recipient lists. This entry had a high degree of originality, using social media to pick a target. The creator identified a training event one of our employees attended and crafted a double barrel scenario designed to look like an invoice from that conference, with the name changed slightly so as not to run afoul of the contest rules regarding copyrights.
As for the Great Places to Work scenario, recipients are asked to click on a link to a workplace survey for a possible company award. The employee survey angle is an interesting one, even though we have seen HR-themed phishing attacks before. Members of our panel have received these in real life, making it a very believable scenario that is also applicable to all users at an organization.
We want to thank everyone who took the time to submit an entry. The number of clever and varied entries confirmed our feeling that security pros are some of the smartest people around.