How will your employees respond to the next Social Engineering attack?
Social Engineering is a method of testing the level of security awareness in the weakest link of your organisation: the human. An estimated 90% of network intrusions begin with a (spear) phishing campaign – a targeted email attack, one of the techniques most used by social engineers. Through our phishing simulation service, your employees will face real-world (but harmless) scenarios, which will give you accurate measurements of your employees’ behaviour.
Benefits of Phishing Simulations:
- Measure the effectiveness of your security awareness program
- Help your employees to recognize a phishing email
- Measure your employees’ resistance to modern phishing attacks
- Reduce the likelihood of becoming a victim of social engineering
A phishing campaign starts by establishing an attack scenario. A scenario is defined by an attractive email sent to selectively targeted personnel, which can contain either malicious hyperlinks (to the attacker’s website) or attachments. A campaign is always defined and tested in close collaboration with the customer prior to any simulation.
The following attack scenarios are available:
- Click-Only – An email that urges the recipient to click on a hyperlink.
- Data Entry – An email with a link to a customized web page where the user is tricked into entering sensitive information. In a typical scenario, a corporate web application (VPN, Intranet, …) is reproduced including the login form, and the users are asked to enter their company username and password.
- Attachment-based – An email with a seemingly legitimate attachment that the user is asked to open. In a typical scenario, Microsoft Office files containing macros are used. As each department has its own interests, you may consider sending fake invoices to the Procurement department, fake CVs to Human Resources personnel, etc.