Phishing Assessment

Phishing assessment identify the security and awareness level of the single and most important asset a bigger IT can’t help. The human.

Hundreds of billions of emails are sent every day. We’ve all received spam mail, trying to entice you into clicking a link or opening an attachment. This may or may not be coupled with a phone call from someone under the guise of legitimate business, strengthened by elements of knowledge obtained from prior research in an attempt to shroud you in a false sense of security.

If the attack is successful it could potentially result in the downloading of malware for further compromise, or the theft of personal data, money or intellectual property. Our phishing assessments help identify your perimeter security controls and staff awareness levels, allowing you to strengthen the wall between your company’s internal network and remote threat actors.

A strong security culture requires vigilance and assertiveness, but how can this be effectively tested?

We offer phishing and vishing social engineering attack simulations using techniques and unique plausible pretexts designed for your environment, testing your organisation’s awareness.

 

If you’re looking to bolster your organisation’s cyber awareness culture, we offer a 1-day awareness training primer that will enhance the knowledge and resilience of your staff moving forwards.

social engineering

Awareness Engagements

Awareness engagements are, as the name suggests, awareness based. A single or small number of emails constructed under a suitable pretext are sent to all or some of your staff. Interaction rates of clicked links and optionally data submitted, depending on your requirements, are then monitored.


Exploitative Engagements

Exploitative engagements are structured and executed in the same way as awareness campaigns, however the aim is to attempt to gain access to your internal environment as a result of user interaction. The exercise can either end there to demonstrate proof of concept, or can continue to assess the level of access a remote attacker could establish once a foothold is established.