Test how well your employees follow your cyber security policy and what information they are prepared to reveal to a malicious party
Phishing is an online deception and fraud technique. Phishing attacks arrive by email or text message and are designed to entice you to open a malicious attachment or click on a link to a seemingly trusted website, with the intent of getting you to download malicious software or disclose sensitive or personal information.
Why should you run a phishing campaign?
Fraudulently obtaining security information such as usernames and passwords through phishing scams is the fastest-rising online crime method used for stealing personal information and perpetrating identity theft. By running a phishing campaign, you can find out which of your employees are vulnerable to deception and how your organisation compares with similar-sized entities in your market segment.
While employee vulnerability is generally decreasing due to awareness in modern organisations, malware infection is on the rise. There have been several cases in the last year of ransomware attacks taking hold of an organisation's infrastructure and encrypting its data because an employee clicked on a malicious link which they believed to be genuine.
How do we conduct a phishing campaign?
Our phishing campaigns involve targeting a wide group of users in your organisation by sending them an email that entices them to visit a web application and perform a task, such as entering their login credentials. We do this with no knowledge of your technical structure, and the email is usually generic, for example offers from online shops, interesting news articles or changes to their accounts, to try to convince the users to open a malicious attachment or click on a bad link. We can also create bespoke emails which are tailored to your organisation and represent a more sophisticated attacker.
Alternatively, we can perform targeted campaigns, also known as “spear phishing” or “whaling”, which are tailored to a particular user or group employed in a high-risk, business-critical role. This type of campaign is necessary to determine the susceptibility of employees to a higher standard of phishing email.
Our phishing campaigns can also be re-run after implementing updated security policies or employee awareness training to evaluate improvement.