Verizon’s 2020 Data Breach Investigations Report
End users are still the weakest link
Phishing is the act of luring someone into handing over sensitive information. The victim is tricked with a look-alike or spoofed sender address, a website that matches the expected look and functionality of the real one, and a story that convinces the user to give up this information. Phishing is a form of social engineering and a popular way to steal information.
Spear phishing is a type of phishing in which an attacker targets a specific employee, a department (e.g., HR, finance, …), or a company. Personal or company-specific information is used to increase trust and thus the chance of success. Spear phishing requires a lot more effort but is also more effective.
Training end users is hard and requires repetition
Your employees are the first and foremost line of defense when it comes to cybersecurity. A phishing simulation helps to educate your employees on the risks related to phishing, increase their security awareness, and keep them from falling for a real-world (spear) phishing scam. User training and awareness are a continuous exercise. By executing recurring waves of phishing campaigns spread over time, it is possible to measure how much better your employees become at spotting phishing attempts.
Phishing campaigns tailored to your organization
Our phishing campaigns are tailor-made and can include OSINT: the process of gathering information online from open sources, social media, forums, etc. We create a custom target list of employees and document their names, roles, and connections within the organization, as well as domain names and online infrastructure. All information is combined into a plausible story that convinces users to fall for it. We mimic your online infrastructure, e.g., your webmail login portal, and create e-mail templates for specific campaigns, paying attention to the native language of the company and the re-use of obtained e-mail signatures. As the campaign progresses and e-mails are sent out, we monitor it live. We take a closer look at our victims and visualize the timeline of the attack: when the e-mail was sent, when the link was clicked and with which browser version, and what data was submitted. By analyzing the submitted passwords (anonymously), we give you additional information regarding password strength, complexity, the use of password managers, etc.
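As an added illustration of the measuring side described in the two paragraphs above (recurring waves, per-employee timelines, anonymous password analysis), here is example Python that is not part of this page or of the consultancy's own tooling. The event records, wave names, pseudonymous employee ids and submitted values are constructed for the demonstration; the aggregate password features are computed and the passwords themselves are never kept or reported.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample event log from a simulated campaign (made-up data).
# Fields: wave, pseudonymous employee id, event, ISO timestamp, detail
# (browser string for "clicked", submitted value for "submitted").
EVENTS = [
    ("wave1", "u01", "sent",      "2024-03-04T09:00:00", ""),
    ("wave1", "u01", "clicked",   "2024-03-04T09:07:12", "Firefox/123.0"),
    ("wave1", "u01", "submitted", "2024-03-04T09:08:30", "Summer2024!"),
    ("wave1", "u02", "sent",      "2024-03-04T09:00:00", ""),
    ("wave1", "u02", "clicked",   "2024-03-04T09:15:00", "Chrome/122.0"),
    ("wave1", "u03", "sent",      "2024-03-04T09:00:00", ""),
    ("wave1", "u03", "reported",  "2024-03-04T09:03:45", ""),
    ("wave1", "u04", "sent",      "2024-03-04T09:00:00", ""),
    ("wave1", "u04", "clicked",   "2024-03-04T11:40:00", "Edge/122.0"),
    ("wave1", "u04", "submitted", "2024-03-04T11:41:10", "password1"),
    ("wave2", "u01", "sent",      "2024-06-10T08:30:00", ""),
    ("wave2", "u01", "clicked",   "2024-06-10T08:33:00", "Firefox/127.0"),
    ("wave2", "u02", "sent",      "2024-06-10T08:30:00", ""),
    ("wave2", "u02", "reported",  "2024-06-10T08:31:20", ""),
    ("wave2", "u03", "sent",      "2024-06-10T08:30:00", ""),
    ("wave2", "u03", "reported",  "2024-06-10T08:35:00", ""),
    ("wave2", "u04", "sent",      "2024-06-10T08:30:00", ""),
]


def wave_metrics(events):
    """Per wave: distinct employees who were sent, clicked, submitted, reported, plus rates."""
    per_wave = defaultdict(lambda: defaultdict(set))
    for wave, user, event, _ts, _detail in events:
        per_wave[wave][event].add(user)  # a set, so repeat clicks count once
    result = {}
    for wave, users in per_wave.items():
        m = {k: len(users[k]) for k in ("sent", "clicked", "submitted", "reported")}
        for k in ("clicked", "submitted", "reported"):
            m[k + "_rate"] = m[k] / m["sent"] if m["sent"] else 0.0
        result[wave] = m
    return result


def password_profile(pw):
    """Strength features only (length, character classes); the password is not retained."""
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])
    return {"length": len(pw), "classes": classes}


def password_summary(events):
    """Aggregate view of submitted passwords, suitable for a report without exposing any of them."""
    profiles = [password_profile(d) for _w, _u, ev, _t, d in events if ev == "submitted"]
    n = len(profiles)
    return {
        "count": n,
        "avg_length": sum(p["length"] for p in profiles) / n if n else 0.0,
        "all_four_classes": sum(1 for p in profiles if p["classes"] == 4),
        # heuristic label, an assumption for this example: short and few character classes
        "weak": sum(1 for p in profiles if p["length"] < 12 and p["classes"] < 3),
    }


def timeline(events, wave, user):
    """One employee's events in a wave as (event, minutes after the mail was sent, browser)."""
    own = sorted((datetime.fromisoformat(ts), ev, d)
                 for w, u, ev, ts, d in events if w == wave and u == user)
    if not own:
        return []
    t0 = own[0][0]
    # only the browser string is echoed back; a submitted value is never shown
    return [(ev, round((t - t0).total_seconds() / 60, 1), d if ev == "clicked" else "")
            for t, ev, d in own]


if __name__ == "__main__":
    for wave, m in sorted(wave_metrics(EVENTS).items()):
        print(wave, m)
    print(password_summary(EVENTS))
    print(timeline(EVENTS, "wave1", "u01"))
```

Comparing the click, submission and report rates of wave1 against wave2 is what turns a one-off simulation into a trend; the report rate rising while the click rate falls is the outcome the training is after.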
Don’t hesitate to contact us if you need more information, have a question or believe we can assist you in your quest for Digital Service Excellence.
"I was phished and I didn't even know it. All I wanted was access to the latest fleet management portal of our company."