Pre-Engagement
An initial discussion on the assessment scope, the overall social engineering threats associated with your business, who is the prime audience for a phishing attack and the intended goal of the engagement.
Launch a phishing engagement to assess end-user security awareness and educate your workforce on the dangers of social engineering. Find out how a simulated phishing campaign can dramatically decrease the success of real phishing attempts.
Gain a data-driven understanding of your end-user information security awareness and pinpoint areas of weakness within the social dynamics of your organisation.
Educate employees on the ever-increasing importance of phishing and social engineering threats with practical examples. Obtain an authentic picture of business risk after a planned social engineering engagement.
Assess your risk management program and incident response procedures in the case of a real-world attack. Determine where your existing information security processes and preventative measures are ineffective.
The in-depth information-gathering phase. The collected data is utilised in the later scenario-planning step and allows the engineers to gain an understanding of the business and the employees within.
Once the target audience and the data to be captured are agreed upon, a phishing scenario is planned. Any associated materials to be used in the engagement, such as emails and websites, are designed and developed.
The phishing simulation is deployed to the target audience and the results are closely monitored. Data is captured and statistics on the engagement are calculated.
A clear and concise report with an executive summary. The phishing campaign is detailed with graphs and statistics, illustrating the determined business risk and where improvements need to take place.
This is entirely up to you. In a typical (and recommended) engagement, we would prompt the user for personal information as a part of the phishing attack, but without actually transmitting any entered information. The data would never leave the user's system. This allows you to gain an understanding of how many users would enter details without the safety risk of transmitting personal data. However, if you would like to capture actual information, this would be transmitted using a secure HTTPS connection. There is even the ability for these details to only be transmitted within the organisation if having this data stored elsewhere is a concern.
A phishing simulation should be used as an awareness strategy. You should never punish users who struggle to recognise, or who fall for, such phishing attacks, as this will create problems in the workplace and will ultimately diminish morale. Users who fail to recognise a phishing attack should be given remedial training rather than any disciplinary measures.
There are a variety of ways in which we can generate or build a phishing scenario. We can either create this using any existing ideas you may have or undertake a reconnaissance phase before the engagement. This will allow us to gain a better understanding of business protocols which may lead to an effective phishing vector.