Phishing Services
Phishing is a deceptive communication that disguises as a legitimate one and is perhaps the best known type of cyber attack. Section has over a decade of experience with designing and executing targeted phishing campaigns against SME's and large enterprises, with a track record of thousands of phishing emails.
Simulated Phishing Attacks
The dangers of phishing are well-documented, constituting approximately 91% of all cyber attacks in the wild: As delivery method for everything from malicious backdoors to evil ransomware attacks. To combat malicious phishing emails, employees need hands-on training on how to effectively identify, mitigate and report phishing emails. Section provides simulated phishing attacks that are 100% similar to real phishing emails. We believe in providing as close to real attacks as possible. However, our malware is benign, and causes no harm, making the phishing tests completely safe for your company and your employees.
When performing simulated phishing attacks, Section applies a black box testing approach, which involves conducting the attack from the outside of the client environment and with no prior knowledge required of the target(s), thereby simulating a real-world attack scenario. Most phishing tests are conducted from the inside of the firewall, but at Section we believe it will reduce a phishing test to merely testing the human factor of cyber security - we want to test the technical aspects as well, including firewall, endpoint security, spam filter and mail server configuration.
How Does It Work?
When performing simulated phishing attacks, Section utilizes a black box methodology, which means that we perform the phishing test outside of the client environment exactly as cyber criminals would. This ensures a realistic attack scenario and tests both the technical configuration and the human element of a client's cyber security.
-
Scoping
We engage with our clients before conducting a phishing test in an effort to understand their requirements, and we perform an initial assessment to define the scope of the phishing campaign. Some clients only require 3-5 phishing attacks a year, while others prefer continuous attacks to ensure a constant high awareness level amongst their employees, amounting to hundreds - or even thousands - of yearly phishing attacks.
-
Reconnaissance
Prior to conducting the attacks, Section performs intial cyber reconnaissance in an effort to locate information that can be utilized in the attack phase. The information collected may contain usernames, email addresses, company assets, and more.
-
Probing
Once we have collected the necessary information, we begin initial probing of the target company, which will reveal information that helps us ensure the phishing attacks are successfully delivered.
-
Attack
Once ready, we design the targeted phishing emails and execute the attack by sending the phishing emails to the employees, which may contain benign simulated malware that is intended to emulate real malware.
-
Reporting
the results of the phishing campaign are analysed and reported back to the client in full with identification of vulnerabilities, their employees' susceptibility to phishing emails (anonymized) and associated risks as well as an action list of recommendations.
-
Awareness Training
Once a baseline phishing susceptibility level has been established, clients will typically select our awareness training, where employees are taught practical methods to identify phishing attempts. You can read more about our awareness training here.
Should I Test My Employee's Susceptibility To Phishing?
Yes - you should. If you have never before had a phishing test performed at your company, then you need to start now. A typical mid-size company receives approx. 30,000 spam and phishing emails on a monthly basis - some of those will without a doubt make it through the spam filter. How will your employees react to the phishing emails that make it through? You will not know the answer to that question if you have never had a phishing test performed.
We know from experience that approx. 43% of an organisation is susceptible to phishing emails and prone to clicking on phishing links, opening malicious files or entering credentials into phishing sites. The risk alone constitutes a concern for most companies, and most do decide to have phishing tests performed in an effort to understand their company's susceptibility level.
With a phishing test you will know exactly how vulnerable your organisation is to phishing attacks, and you will know where to direct resources to mitigate the threats, thereby reducing the associated risks.
Want to learn more about our phishing services?
Contact Section for more information on how we can help your company become resilient against phishing with simulated attacks that provide hands-on experience and training for your employees.