An effective phishing campaign can help you analyse the browsing habits of your employees, their information security awareness and effectiveness of your perimeter controls in place
One of the most common attack vectors behind compromises is gaining access via email-based phishing attacks.
A phishing simulation unlike done by an automated tool, assures both the technical and people controls. Our phishing campaign involves sending targeted emails in a controlled manner, track user actions in a non-intrusive manner, access the technical restrictions in place, and related information about the user's underlying host. An assessment report provides a comprehensive view of how a campaign was run, the information collected beforehand and the end results with mitigation measures.
We offer a range of phishing campaigns to our customers:
Vishing involves phishing using the phone. The phisher calls an unsuspecting victim over the phone pretending to be a worker of a supplier, support helpdesk or even from the bank, to collect personal information.
Unlike email phishing, for Smishing, the attack vector is a phone number. The phisher pretends to act on behalf of a trusted or legitimate company and sends an SMS to the unsuspecting victim. This could be a genuine sounding reason that needs immediate attention like e.g..., announcing that they have won a prize or offering them to participate in a raffle or context.
Spear phishing attack is usually personalized. Hackers normally include some personal data in the phishing emails, such as the name of the victim, their role in the company or even (for a personal touch) their phone number. The reason for this is to gain their confidence and, therefore, obtain the information they need to compromise the corporate network and access the confidential data they are looking for.
Mass phishing emails are sent to a group of people with similar interests based on their brand preferences, demographics, and choices. In a mass phishing attack, the emails sent to unsuspecting users are clones of genuine-looking websites like Amazon, Microsoft, Paypal or even delivery site like UPS.
Email phishing is one of the easiest types of phishing and is used to trick unsuspecting users into giving information without their knowledge. This phishing can be launched in several different ways:
Our reports are comprehensive and include all the evidence that supports our findings. We give you a risk rating that considers how likely an attack is as well as the impact it could have. We don’t create panic scenarios. Our mitigation is detailed, covering both strategic and tactical areas to help our clients prepare a remediation plan.
Apart from the range of commercial and open source tools available for specific testing, our team has its own custom scripts for efficient testing. We provide accurate results to make sure our clients completely understand any vulnerabilities we report.
Our teams are led by veteran security consultants accredited by CREST standards for the last several years. Our experience shows that our clients are best served by giving them the right advice for their cyber security needs. We do not believe in spreading fear, uncertainty and doubt to generate more business.
An investigation was immediately launched which revealed the compromised account contained protected health information. Affected patients were notified about the breach on April 12, 2019. All individuals impacted by the breach had received medical services from Questcare in the Dallas, Fort Worth, or Arlington regions of Texas.
Netflix customers in Ireland are being targeted with a phishing attack in an attempt to hack their accounts. The streaming giant has put out a warning to try to avoid other users falling victim to the same fraud.
