We offer simulated phishing exercises to ensure your staff are resistant to social engineering attacks and phishing emails.
Malicious actors use phishing to trick email recipients into revealing information that could be used to attack your organisation, such as user- names and passwords. Criminals send bogus communications, often with embedded links or malicious attachments, which can direct you to a hoax website where login or personal details are then stolen.
Our simulated phishing exercises go beyond easily templated emails found in automated tools and mimic the steps that a malicious hacker would take to craft a convincing phishing email.
Simulated Phishing Programme | |
| Open Source Intelligence | We adopt the mindset of a malicious cyber actor and use the same open source investigation techniques to uncover intelligence about the target organisation which is used to develop a convincing social engineering attack. |
| Campaign Creation | We will craft and share a series of phishing email campaigns, and we will seek your feedback and approval before any emails are sent. Each campaign will contain a specific technique to capture user credentials or other sensitive information. |
| Campaign Launch | Over a two week period various phishing campaigns will be delivered to your employee base all at once or in phases. Captured information will be stored securely and used to build our training presentation. |
| Training Presentation | Once the phishing campaigns have been completed, we will deliver a bespoke training session for your company detailing how we created our campaigns, the results of the phishing test, and what to look out for in the future. As this is a highly interactive awareness session, engagement in the presentation is often high, and the tips and advice on spotting emails remain with users for longer. |
PHISHING PROTECTION
Outcome | |
| Staff Awareness |  |
| Data Protection | |
| Vulnerability Exposure | |
| IT & Security Risk | |
| Corporate Protection | |
| Breach Mitigation | |
A simulated phishing campaign aims to provide employees with a safe, simulated environment where they can learn interactively about what actual phishing attempts look like in a live setting. Email clients are getting better at identifying phishing emails; however, malicious actors continually revise their tactics and circumvent your organisation’s security measures. The last line of defence against
phishing is your user base or “human firewall”, and it is essential there is appropriate training to identify even the most convincing of phishing emails.
Bespoke and crafted phishing email campaigns are often delivered over two weeks. They are supplemented with a presentation revealing the results of the phishing campaign and an awareness presentation to users. This method has greater engagement than automated training software and can be carried out as a standalone test or part of a broader education programme. We have a suite of
different tactics that emulate real-world attacks to help craft emails for your phishing campaign.
Phishing Overview | |
| Whaling | Executives and senior managers are just as susceptible to phishing attacks as the rest of the userbase. Highly targeted phishing emails to capture executive credentials are commonplace and should be tested alongside other attack types. |
| Credential Harvesting | Cloning or mimicking a login page or a familiar application is also a common technique used by malicious actors. We will send a convincing email to your userbase, and those who don’t notice some key indicators may reveal their username and password. |
| Malware | Sending a malicious attachment alongside a phishing email can be devastating to your organisation in real life. Our harmless malware can take screenshots, record voices and steal passwords to demonstrate the damage of phishing malware. |
| Simple Phishing | Often the simplest phishing emails are best. Using Open Source Intelligence (OSINT) it is often possible to find an example of an organisation signature block. Posing as a senior manager of a partner organisation it may be possible to encourage the transfer of funds or reveal a social media logon. |
Get in touch
We have a depth of knowledge across Not for Profit, Commercial and Education sectors advising on GDPR and ISO27001 compliance. Get in touch with our experts now.
Contact our team
