Phishing emails are intended to induce the user to reveal data about themselves or their environment.
Often, the email contains links that lead to a prepared website, or attachments in the form of Office documents. The fake website or the attachments are then used to get at the user's data. This is done, for example, by having the user actively enter data in the corresponding input fields or by quietly monitoring the user's activities.
In a phishing campaign, we imitate an attacker's approach. In consultation with you, we send fake emails to your staff. This happens in several stages, and we then statistically evaluate how the users behaved. We will then show you how often emails were opened, attachments downloaded or sensitive data passed on without consultation.
In addition to the technical security gaps in your company, there are also weak points that are of a human nature. Damage cannot be completely prevented by technical measures; the education and awareness of the users play a decisive role.
Phishing is a form of social engineering and targets the human as the point of attack. This is precisely why it is so important to take stock and train your employees. Through the phishing campaign, you can see how vulnerable your employees are to attacks, and the employees experience an aha moment that stays with them longer than instruction in a newsletter or a seminar.
A phishing campaign runs in several phases over a period of about three weeks. The aim is to find out how the employees react to different scenarios and which emails could pose a danger. Your employees need to be informed that a campaign is in progress, but the exact time period and content are not disclosed.
The actual campaign consists of a series of emails.
In the first phase, the emails are often shipping confirmations or invoices that should be easy to recognize as fake.
The next step uses, for example, emails that seem to come from the HR department and contain alleged applications or salary information.
The last phase consists of emails that contain, for example, a manager's request for a password check. The apparent authority and simulated urgency lure many users into the trap.
The goal is not simply to fool the employees, but to raise awareness of the vulnerability. Information on the behavior of individual users is not disclosed.