Simulated Phishing Attack
Simulated Phishing Attack
This simulated phishing attack will establish whether your employees are vulnerable to phishing emails, enabling you to take immediate remedial action to improve your cyber security posture.
We will perform a simulated phishing attack to determine your organisation’s current susceptibility to this type of attack, identifying the groups of users most at risk. Our team of penetration testers will come up with a range of phishing scenarios. We use various techniques, but they generally involve sending an email to random, or in some cases nominated, personnel. The email asks the targeted employees to take certain actions that will result in them giving sensitive information such as usernames and passwords. The responses and any information contained within will be intercepted and assessed, while redirecting users to prevent suspicion.
The identified vulnerabilities are presented in a format that allows an organisation to assess the resistance of its employees to a phishing attack.
Why you need to test
Phishing attacks are quick and easy to implement and deliver an enormous return on investment, which has motivated criminals to create increasingly sophisticated and creative phishing ‘lures’. These are often indistinguishable from genuine emails, text messages or phone calls; in general, affected users don’t report the compromise until it is too late, inflicting enormous damage on your organisation. Senior management need regular assurance that staff have been properly trained on how to spot phishing emails, and the only real way to achieve this is through a simulated phishing attack.
Benefits of Phishing Testing
A simulated phishing attack allows you to:
Quickly find out if there is an internal awareness problem;
Determine who to enroll in training after they fall for an attack – an effective way to change end-user behaviour; and
Craft campaigns based on the experiences and threat analysis of our expert security testing team.
How it works
Our phishing testing process is as follows:
Once you have placed an order, a review meeting is taken by the assigned penetration tester and our CEO to ensure we are going to test to a sufficient level.
We will schedule and hold a scoping call with you to establish the exact extent of the testing exercise. This is where we will also discuss the phishing avenues and tactics we may employ as well as any goals you may have..
Design and development of a targeted phishing campaign that simulates a popular phishing attack vector (e.g. a ‘drive-by download’). The actual vector deployed will be agreed after a scoping discussion with the client.
Carefully designed, non-destructive attacks target IT users of your choice and measure the results.
Our experienced consultants interpret the results to provide trend analysis and highlight problem areas such as department or location.
This test is available as either an internal or an external test.
Expenses related to travelling, etc. are not included in the price.
On-site presentation of report findings and remedial consultations can be provided upon request at an additional cost.
The quoted price applies to testing during regular office hours. An additional charge will be incurred for tests conducted outside of regular office hours (9:00 to 17:30 GMT).
REQUIRE A MORE IN-DEPTH PENETRATION TEST?
We’ve designed our standard packages to be easy and affordable, but if you are unsure of your requirements, or your needs are more complex and involve attempting to exploit the identified vulnerabilities, please call us to discuss. Our consultants can answer your questions and make the process painless. If you would like to talk to one of our testers or meet with them, we would be happy to arrange this for you.
WHY CHOOSE US?
Penetration tests should only be carried out by experienced testers with the necessary technical skill set and qualifications. Our penetration testers have strong technical knowledge and a proven track record in finding security vulnerabilities and can carry out exploits in a safe manner and advise on appropriate mitigation measures to ensure that your systems are secure.
Our penetration testers are OSCP (Offensive Security Certified Professional), OSWE (Offensive Security Web Expert) and CREST (Certified Register of Ethical Security Testers) certified. Our penetration testing team will provide you with clarity, technical expertise and peace of mind knowing that your web application has been reviewed by experienced testers in line with your business requirements.
Got a Question? Ask us