New from Duo! Duo Insight, a Tool to Help Organizations Identify Phishing Risks


#1

Today, Duo released a free, easy-to-use tool called Duo Insight. Duo Insight is a risk assessment tool that companies can use to identify individuals and devices that might be vulnerable to phishing attacks. You can use this tool right now at insight.duo.com!

Learn more about the tool in Ruoting Sun’s blog on Duo Insight here or just head straight to insight.duo.com and start phishing!


#2

I tried the tool earlier this morning. It would be nice if we could customize the final page after a user has fallen for the phish.


#3

Awesome, glad to hear you’ve been able to try it already. I’ll let our product team know about your feedback!


#4

Hi LeoNel, thanks for trying the tool already. Is there anything specific you’d like to customize on the final page? What kind of content are you looking to put here?


#5

Ideally, the ability to add items like:

  1.   Add ability to customize links e.g. to our policy, training material for users
    
  2.   Help Desk Phone Number
    
  3.   Logo

#6

Thanks for the feedback and suggestions. This is really useful.


#7

Gotta say, as a former PhishMe user, this makes it so easy to run a successful campaign and educate our users.


#8

We would like to see this feature within duo admin portal. The idea is to launch a campaign against users which already defined in duo.


#9

Hey @avs thanks for reaching out!

We’re actively considering different directions for Insight. Our goal is always to make the best possible tools for the industry and Insight is no exception. We’re excited about the future of Insight, and will follow-up with details as they become available.


#11

I second the idea of customizing the landing page. In many cases, prairie dogging will occur where one user opens the email before others, then tells others in the immediate area about the email and thus you receive skewed results. Sending a 404 page not found error page or something similar (maybe a failure message) would not alert users to anything unusual and also keep the integrity of the test intact.