Criminals have become increasingly sophisticated in their attacks. They circumvent traditional email anti-virus measures by only downloading a virus after the email has been delivered and the staff member has clicked on a link or opened an attachment. And they change the virus code so that anti-virus on PCs and servers can’t recognise it.
They also use social engineering to increase the chance of fooling a staff member into believing the email is genuine.
A successful phishing attack can lead to encrypted files and a ransom demand or the release of confidential information (often the staff members’s login details) that can be used to launch further attacks.
Your staff are your last line of defence. Our Phishing Awareness Exercise improves their ability to spot phishing attacks, reducing the risk to your business.
What We Do
General Phishing Emails
We send three different phishing emails to your staff over the course of a week. We record which staff opened the emails, and which clicked on a link in an email. If staff do click on a link they are taken to a page which explains that the email is part of an exercise, and provides some information on how to spot suspicious emails in the future.
Spear Phishing Emails
In addition to receiving the general emails, three nominated staff will receive a targeted email which is crafted using information about them gleaned from the Internet. This is the same process that criminals use to target executive personnel.
We will provide a report showing the percentage of staff who opened an email and who clicked a link. This will enable you to follow up with staff who may need additional training.
Improving staff awareness reduces the risk to your company from emails that can download ransomware and steal login credentials.
The emails we send are similar to the real phishing emails that your staff may encounter, and appear to come from local and international organisations.
When a staff member clicks on a link they are not asked to enter any credentials but are instead taken to a training page. This means that we never hold any of your confidential information.