Skip navigation
The Daily Brief

Startup Builds "Phishing Drills"

A startup is selling phishing drills to small businesses worried about their cybersecurity.

There’s a company participating in a famous tech incubator program that wants to bring phishing to firms across the country. But the phishing attacks from Y Combinator participant Riot aren’t malicious, they’re designed to train employees how to respond if bad actors target their firm, according to a TechCrunch report.

Riot is able to test employees with fake phishing attempts that look like they come from Microsoft, Slack, Dropbox and Google, as well as leaving unbranded voicemails for employees. The campaigns can be built by administrators and the frequency with which employees are tested can be set to as frequently as every 45 days, per the report. 

Administrators running the campaigns will have a dashboard showing which employee fell for the trick and who avoided a mishap. Employees that fail Riot’s phishing attempt can be assigned security training, which works on both desktop and mobile. 

CEOs are next on the design timeline. Company leaders are subject to a different flavor of attacks, from spoofs requesting an assistant to buy gift cards to emails that look like they’re coming from an accounts or payroll department. Down the road, Riot is considering partnering with an insurance company to form agreements around cybersecurity insurance products. Plans start at $200 per month for companies with up to 50 employees.

Want The Daily Brief delivered directly to your inbox? Sign up for's Morning Memo newsletter.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.