There are several options that we can offer as part of our Phishing and Social Engineering programs. Below are some examples, but we are not limited to these as we can work with your organization to put together an exercise that addresses all of your requirements. For all of the options below, reporting would include the following:
- Number of users who opened email
- If the users clicked on any associated links
- Users who provided credentials
- Real world mitigation strategies based on findings
- Custom and Recurring testing would also include more detailed findings reports along with trending and analysis.
Standard Phishing Attack:
With this approach, we’ll deliver a template email directing users to one of our phishing domains where users will be asked to provide username and password. We have several different types of domains and will choose ones that fit your industry and best targets your end users.
Custom Phishing Attack:
For this attack, we work with your team to build out custom email and sender information. Options can include purchasing a domain specific to your company or industry and registering it with various web filters to create legitimacy. Additionally, we’ll configure DKIM/SPF for better mail accept rates.
Custom Malware Phishing Attack:
Includes everything in the Custom Phishing Attack, but we can take it a step further by delivering malware via a custom domain or we can attach it via a custom email campaign. Additionally, we can work with your staff to deliver a very specific engagement where we spend 1 – 3 days trying to enhance our position and exploit our findings. We do this by pivoting, obtaining hashes, reviewing emails, etc. This test most closely resembles what a real world phishing attack would be like.
For any of the options above, we can provide the testing, as well as on-going management. Rather you are looking for monthly, quarterly or other frequencies, we can conduct the testing per the agreed upon schedule. In doing so, we can provide trending and analytics that allow you to track your progress and find out if your information security program is positively impacting your employee awareness.
Check out our Phishing related blog posts to learn more: