Phishing Email Assessment

Let Pentest People perform an email phishing campaign in either a broad scale or targeted based attack.

Explore More

Phishing Email Assessment

Broad-scale and targeted email phishing attacks are among the most likely type of cyber attack that businesses are having to contend with today. Such emails can be sent with little risk, and if successful, could trick users into revealing sensitive information such as login credentials, or potentially even result in the installation of malware. Such emails could be sent in mass to all employees when just one successful exploit is needed to compromise the business’ sensitive data. Alternatively, specific individuals within the business may be targeted with highly bespoke emails, aiming to leverage that particular employee’s privileges.

Pentest People’s Phishing Email Assessment simulates both a broad-scale generic email phishing attack or a realistic targeted attack on key employees. The result of this assessment generates valuable statistics for measuring the effectiveness of business awareness training and procedures.

Overview of Methodology

The Phishing Email Assessment will typically include the following fundamental stages:

Pentest People use proprietary software to automate the sending of emails, tracking of responses, and hosting of fake login portals. As such, bespoke portals can be built from scratch to perfectly match any the client may have. These portals are then used to capture
the credentials of users.

Emails sent are embedded with information unique to the target user, allowing Pentest People to track which users clicked links, submitted credentials, the times of all events, and will cross-reference this information with departments and/or locations to build useful statistics.

The results of the phishing assessment are then used to provide recommendations for awareness training areas of focus.

What are the Risks?

Email Phishing attacks are becoming more predominant in every industry. It’s one of the most universal types of cyberattack and can be used to gain easy access to a businesses network.

Businesses have to make employees aware of such phishing attempts, that can be both broad-scale and targeted (most likely on more high ranking employees). The Pentest People Email Phishing Assessment is the perfect solution for training your team and finding the weaknesses in your employees awareness.

How Can We Help?

Pentest People can help alleviate the risks associated with Email Phishing by performing either a broad-scale or targeted phishing scenario.

Pentest People have a professional Email Phishing Service that can be used to identify flaws that exist within your team in regard to their email phishing awareness. From this assessment you can create professional training protocol so your employees never fall victim to such attacks.

The service would be delivered as part of the Pentest People Penetration Testing as a Service (PTaaS) and full access to the SecurePortal and other complementary tools would be provided.

Find Out More

The Phishing Email Assessment
Allows Access to SecurePortal

018-bar graph

Digital Report

Until now, the traditional deliverable from a Penetration Test engagement has been a lengthy 100+ page PDF report.

Pentest People have developed a solution to this issue where you interact with your vulnerabilities within the SecurePortal.

008-cloud

Vulnerability Data

Constantly updating Vulnerability Information to stay in touch with the emerging threat landscape.

Receive overview and trend data of all of the current security issues you face in your organisation. All viewable on an interactive dashboard.

022-security

Skilled Consultants

Rest assured that your assessments are performed by qualified Security Consultants.

Our specialised team of security consultants hold industry qualifications such as CHECK Team Member & Team LeaderCCIE, CISSP and CEH.

Key Benefits

Understand the security risks associated with phishing scams through a thorough assessment to highlight training areas to focus on.

  • Email Phishing is the most widely used form of cyber attack businesses have to contend with.
  • Chose between either a broad-scale generic email phishing attack or a realistic targeted attack on key employees.
  • Many organisations require an email phishing scenario as part of employee awareness training. Pentest People are experienced in this form of attack and our consultants use it daily during other Penetration Testing Services.
  • The results of the assessment can be used to provide recommendations for awareness training area of focus.

Frequently
Asked Questions


Pentest People offer a broad range of phishing services that can be completely tailored to suit your needs. Typically, a login portal of some kind will be spoofed with code that will gather credentials entered on the page. At this point, we can stop the campaign or as companies often want, we can dig further and try to access systems like office365.

Phishing is often executed as part of a larger Social Engineering package that consists of Open Source Intelligence Gathering (OSINT), Telephone phishing and physical intrusion. It can be sold as a single service.

Two-thirds of all malware arrives via email attachments and sophisticated phishing emails facilitate 90% of successful cyber attacks.

According to trend labs, the average cost of a business email compromise attack is $140,000 but this can be more significant with Leoni AG losing $44.6 million in a single attack. Between 2013 and 2018, over $12 billion was lost to phishing attacks.

The aim of a phishing campaign is to target staff members by simulating a realistic phishing attack and analysing the response from staff members. This allows companies to understand how likely they are to be compromised by a phishing attack and identify key areas/people that may require additional security awareness training.

Regular phishing campaigns allow you to track the progress your security awareness training over time.

Download our Phishing Email
Assessment Data Sheet

Phishing Email Assessment