Test how well your employees follow your cyber security policy and what information they are prepared to reveal to a malicious party
Phishing is an online deception and fraud technique. Phishing attacks are designed to entice you to click on a link to a trusted website via email or text message, with the intent to download malicious software or encourage you to disclose sensitive or personal information.
Why should you run a phishing campaign?
Fraudulently obtaining security information such as usernames and password through phishing scams is the fastest rising online crime method used for stealing personal information and perpetrating identity theft. By running a phishing campaign, you can find out which of your employees is vulnerable to deception and how your organisation compares with similar-sized entities in your market segment.
While employee vulnerability is generally decreasing due to awareness in modern organisations, malware infection is on the rise. There have been several cases in the last year of ransomware attacks taking a hold of an organisations infrastructure and encrypting their data due to an employee clicking on a malicious link which they believed to be genuine.
How do we conduct a phishing campaign?
Our phishing campaigns involve targeting a wide group of users in your organisation by sending them an email that entices them to visit a web application and perform a task, such as entering their log in credentials. We do this with no knowledge of your technical structure and it is usually formed as a generic mail, for example offers from online shops, interesting news articles or changes to their accounts, to try to convince the users to open a malicious attachment or clink on a bad link.
Our phishing campaigns can also be re-run after implementing updated security policies or employee awareness training to evaluate improvement.