What is Phishing?
Phishing attacks are rapidly increasing across the world. Criminals are becoming less concerned with targeted attacks and are spreading the net wide, using convincing emails that lead users to visit fake websites, install ransomware, give up personal credentials and/or execute malicious code on their devices.
Why do I need Phishing Simulations?
Recent malware outbreaks, such as WannaCry ransomware, show that users are still being duped into opening suspicious emails and clicking on the links within. This is despite having the latest and greatest anti-malware technology protecting them, both at the internet service provider level and at the desktop level, where anti-virus software has been installed.
A carefully crafted fake email is often all it takes for a criminal to get through all of your anti-malware defences and install malware on user systems. Older operating systems, such as Windows XP, Windows 7 and Windows 2003 Server, are more at risk, but even the latest versions of Windows and macOS are not immune.
A phishing simulation will help you measure just how responsive your users are. Do they click on untrusted links in emails? Do they open suspicious emails? Do they go the whole way and enter their usernames and passwords into a fake site?
Our Phishing Simulation Services
The consultative approach our team takes will ensure all phishing simulations and campaigns are bespoke to the threats facing your organisation. Our available simulations include the following:
- SMS Phishing. Targeting your users’ mobile phones with links, contact numbers or messages asking them to perform actions.
- Corporate Phishing. Simulated emails that appear to come from ‘inside’ your own organisation, usually from a person of influence, IT department, or a PA.
- Board Member Phishing. We target a handful of senior individuals in a position of influence with bespoke messages that aim to catch board members or non-executive directors off-guard and install spyware on their devices.
- Ransomware Simulation. We use a simple, benign application to display a ransomware pop-up on user desktops.
- Personal Phishing. These simulations use well-known brands like Amazon, Apple, eBay, Facebook and Dropbox to ask users to confirm a fake transaction, or to update their details.
At your request, users can be directed to quarantine pages that can be tailored to alert them to their mistake or present any other message.
Why use 2-sec?
We take a bespoke approach to assessment for each of our clients:
Industry-leading cyber security experts – Our consultants have worked with cyber security since the very first significant malware propagated around the globe in 1999. Remember Melissa, ILOVEYOU and Anna Kournikova?
Fully accredited – At both a corporate and an individual level including CREST, CRT, CPSA, QSA, PCI DSS, PA-QSA, CE+, IASME, CHECK, CISSP, CISA, CISM, SANS-GIAC and CEH.
Commitment to understanding your business – We will take adequate time to understand your business, operations and processes to accurately prepare your Phishing Simulation.
Multiple simulation types – We offer a range of simulation types, to suit organisations of any size.
Dedicated Customer Success Manager – We know that you’ll have a lot of questions throughout the simulation, so you’ll have direct phone and email contact with your own go-to person.
Clear communication – Our mission is to ‘simplify security’. We will communicate our recommendations to you in a clear and jargon-free way.
How a Phishing Simulation works
We have developed state-of-the-art phishing simulations, which can measure user response to a harmless phishing email. Our service comprises:
Defining the parameters is important, and we work with you to design a bespoke phishing email.
Given the technological advances in email security, a phishing simulation isn’t quite as easy as “click and send”. We will need to ensure emails are delivered in the correct format, are not discarded by your email security systems and do not end up in Junk Mail. We will also carefully prepare a simulated login page, to which users will be directed. Retrieved usernames and passwords are held securely, or can be deleted upon receipt.
We will schedule two phishing emails, sent a week apart. The first is intended to raise suspicion; the second definitely should.
Our phishing simulation service will then measure user response, showing how many users clicked the link, entered credentials, or did not interact with the phishing email at all.
Our expert reports will list all our findings and will also provide detailed, helpful advice on how to remediate such gaps in awareness, to prevent your organisation from suffering a real phishing attack.