Despite your user education programs, you will still have clickers. As phishing e-mails become better designed, users will have more and more problems spotting phishes.
When a user clicks a phish in their mailbox, DNSWatch blocks the connection and provides the user a message of your choosing. It may contain some phishing education links so that the user gets an on-demand dose of education. It should contain a custom message from you regarding phishing and your contact information. Encourage the staff in your organization to talk to you when they realize they have made a mistake.
DNSWatch will immediately send you a notification that we have blocked a connection. It will contain details about the victim and the phishing site. Our team will quickly follow up with some more context on the infection. We will tell you what type of phishing site it was (Office 365, Google, and Paypal are very common) and what the goal of the attacker was. Typically this is theft of credentials, but phishes can also contain malware or ransomware.
Armed with this, you can go find the victim (if they haven’t already come talked to you) and provide some face to face education about phishing threats and reinforce how important it is for them to not click on suspicious e-mails and ask for help if they ever sense the e-mail might be fake.