A friend's mother recently fell for an obvious phishing scam, and I was hoping there was some service you could sign up for where they occasionally send fake phishing emails/texts to whoever you designate, and if they engage with them they'll get chided by the system, and you'd get metrics about how often your parents fall for these simulated attacks. This kind of thing is common in corporate settings, but it doesn't appear like there's one available for individuals.
Is there a legal barrier to running a service like this, or did I just fail in my Google search when looking for one? And if there are no barriers, could someone please make this? I will never have the bandwidth.
All enterprises are using similar functionality provided by big cyber security companies as part of their employee training programs.
But there are several downsides to running this kind of B2C business. I am listing them below as they come to mind.
1. The servers you send e-mails from may easily be blacklisted or marked as spam, which may cause too many operational headaches with your providers.
2. It must be both affordable for the subscribers and profitable for the business.
3. Even though the chance is relatively low, you may attract the attention of some cyber law enforcement teams and may need to give some explanations.
4. Personal data privacy issues. The terms and conditions should be structured so that neither European nor any local data privacy regulations cause a headache in the long run.
On top of these potential issues, bootstrapping an untested idea does not seem too logical. I did not try to devalue your idea and pain point, but even though I do not have the bandwidth to build a service like that, I wanted to highlight critical points for anyone who may realize this idea.