Threat Intelligence

Adversary Simulation

Active Defense

Phishing Simulation

Customized phishing security testing to help
improve your controls.

Summary

Our team can simulate a phishing attack against your organization. These can either be ‘standard’ messages, fake gift vouchers or login messages for example. Or they can be complicated, involving multiple phases attempting to deliver a payload, or other outcomes. The type and frequency of these simulations can be tailored to your organization’s specific needs.

Benefits

Tests employee security awareness, but also identifies the gaps in your controls. For example, if an employee clicks on a suspicious email, we can discover how they got through your spam filter. If a payload can be delivered, then find out where the gaps are in your endpoint security tools.

Process

After discussion with the client to identify specific requirements, our team creates a customized assessment and uses our phishing infrastructure to conduct the test.

Depending upon the complexity, a simulation can range from a day or two, to
several weeks. If a payload is required, work will be done to develop this. Tests will be executed and results collected. Employees who click on the phish are directed to relevant information (i.e., a training video, a message about being phished etc. etc.).

We then provide clients with details on the results, including the structure of the phishing campaign and the number of users who clicked, along with recommendations for improvement.

Phishing Simulation FAQ

What is phishing?

 

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

What are the objectives of phishing simulations?

 

The objectives of phishing simulations are two-fold: To test employee awareness of phishing attacks and their ability to identify them; and to identify gaps in an organization’s controls against phishing attacks.

How are phishing simulations conducted?

 

Phishing simulations are typically conducted via email, although other methods such as telephone and text message can also be used. The attacker will send a message to the target pretending to be from a legitimate institution, such as a bank or online retailer, and attempt to lure the target into providing sensitive information.

Are phishing simulations effective?

 

Yes. When done properly, phishing simulations are an effective way to test employees’ awareness of phishing attacks and their ability to identify them. They can also help to identify gaps in an organization’s controls against phishing attacks.

What are the benefits of phishing simulations?

 

The benefits of phishing simulations include:

  • Testing employee awareness of phishing attacks and their ability to identify them
  • Identifying gaps in an organization’s controls against phishing attacks
  • Providing employees with relevant training and information if they do fall for a phishing attack

What are the risks of phishing simulations?

 

The risks of phishing simulations include:

  • The possibility of employees becoming confused if they receive a phishing email that looks very similar to legitimate emails they usually receive
  • The possibility of employees clicking on a malicious link or attachment in a phishing email and infecting their computer with malware

Why work with OccamSec?

 

Our team of experienced cybersecurity professionals can help you assess your organization’s security posture and identify gaps in your defenses. We can also customize a phishing simulation to test your employees’ awareness of phishing attacks and your organization’s controls. Contact us today to learn more.

{
“@context”: “https://schema.org”,
“@type”: “FAQPage”,
“mainEntity”: [{
“@type”: “Question”,
“name”: “What is phishing?”,
“acceptedAnswer”: {
“@type”: “Answer”,
“text”: “Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.”
}
},{
“@type”: “Question”,
“name”: “What are the objectives of phishing simulations?”,
“acceptedAnswer”: {
“@type”: “Answer”,
“text”: “The objectives of phishing simulations are two-fold: To test employee awareness of phishing attacks and their ability to identify them; and to identify gaps in an organization’s controls against phishing attacks.”
}
},{
“@type”: “Question”,
“name”: “How are phishing simulations conducted?”,
“acceptedAnswer”: {
“@type”: “Answer”,
“text”: “Phishing simulations are typically conducted via email, although other methods such as telephone and text message can also be used. The attacker will send a message to the target pretending to be from a legitimate institution, such as a bank or online retailer, and attempt to lure the target into providing sensitive information.”
}
},{
“@type”: “Question”,
“name”: “Are phishing simulations effective?”,
“acceptedAnswer”: {
“@type”: “Answer”,
“text”: “Yes. When done properly, phishing simulations are an effective way to test employees’ awareness of phishing attacks and their ability to identify them. They can also help to identify gaps in an organization’s controls against phishing attacks.”
}
},{
“@type”: “Question”,
“name”: “What are the benefits of phishing simulations?”,
“acceptedAnswer”: {
“@type”: “Answer”,
“text”: “The benefits of phishing simulations include:

– Testing employee awareness of phishing attacks and their ability to identify them
– Identifying gaps in an organization’s controls against phishing attacks
– Providing employees with relevant training and information if they do fall for a phishing attack”
}
},{
“@type”: “Question”,
“name”: “What are the risks of phishing simulations?”,
“acceptedAnswer”: {
“@type”: “Answer”,
“text”: “The risks of phishing simulations include:
– The possibility of employees becoming confused if they receive a phishing email that looks very similar to legitimate emails they usually receive
– The possibility of employees clicking on a malicious link or attachment in a phishing email and infecting their computer with malware”
}
},{
“@type”: “Question”,
“name”: “Why work with OccamSec?”,
“acceptedAnswer”: {
“@type”: “Answer”,
“text”: “Our team of experienced cybersecurity professionals can help you assess your organization’s security posture and identify gaps in your defenses. We can also customize a phishing simulation to test your employees’ awareness of phishing attacks and your organization’s controls. Contact us today to learn more.”
}
}]
}

RELATED RESOURCES

A Security Strategy for the New Normal
  • May 27,2020
1 min read
During the ongoing COVID-19 outbreak many security professionals have by necessity been operating tactically & in response mode, trying to identify and mitigate the security risks of organisations that have had to move rapidly to remote working.
Emerging trends in threat actor communication methods
  • Jan 02,2020
1 min read
Threat actors are adapting to current intelligence gathering techniques. We are observing the switch from hidden services (i.e. Tor) to conventional communication methods that are used by the general public.
LinkedIn Pwnage: why we can’t all be friends
  • Aug 30,2019
1 min read
Last July an article appeared on the outline entitled “How to Beat LinkedIn: The Game”, it’s an entertaining read regardless of how you feel about LinkedIn. Ever since reading it, we’ve been thinking about writing up something on how we have used LinkedIn during our work.
VIEW ALL RESOURCES