Our team can simulate a phishing attack against your organization. These can either be ‘standard’ messages, fake gift vouchers or login messages for example. Or they can be complicated, involving multiple phases attempting to deliver a payload, or other outcomes.
Tests employee security awareness, but also identifies the gaps in your controls. For example, if an employee clicks on a suspicious email, discover how that got through your spam filter. If a payload can be delivered, then find out where the gaps are in your endpoint security tools.
After discussion with the client to identify specific requirements, our team creates a customized assessment and uses our phishing infrastructure to conduct the test.
Depending upon the complexity, a simulation can range from a day or two, to
several weeks. If a payload is required, work will be done to develop this. Tests will be executed and results collected. Employees who click on the phish are directed to relevant information (i.e., a training video, a message about being phished etc. etc.).
We then provide clients with details on the results, including the structure of the phishing campaign and the number of users who clicked.