Phishing Email Assessment
Broad-scale and targeted email phishing attacks are among the most likely type of cyber attack that businesses are having to contend with today. Such emails can be sent with little risk, and if successful, could trick users into revealing sensitive information such as login credentials, or potentially even result in the installation of malware. Such emails could be sent in mass to all employees when just one successful exploit is needed to compromise the business’ sensitive data. Alternatively, specific individuals within the business may be targeted with highly bespoke emails, aiming to leverage that particular employee’s privileges.
Pentest People’s Phishing Email Assessment simulates both a broad-scale generic email phishing attack or a realistic targeted attack on key employees. The result of this assessment generates valuable statistics for measuring the effectiveness of business awareness training and procedures.
Overview of Methodology
The Phishing Email Assessment will typically include the following fundamental stages:
Bespoke Fake Portals
Tracked Emails and Responses
Awareness Training
What are the Risks?
Email Phishing attacks are becoming more predominant in every industry. It’s one of the most universal types of cyberattack and can be used to gain easy access to a businesses network.
Businesses have to make employees aware of such phishing attempts, that can be both broad-scale and targeted (most likely on more high ranking employees). The Pentest People Email Phishing Assessment is the perfect solution for training your team and finding the weaknesses in your employees awareness.
How Can We Help?
Pentest People can help alleviate the risks associated with Email Phishing by performing either a broad-scale or targeted phishing scenario.
Pentest People have a professional Email Phishing Service that can be used to identify flaws that exist within your team in regard to their email phishing awareness. From this assessment you can create professional training protocol so your employees never fall victim to such attacks.
The service would be delivered as part of the Pentest People Penetration Testing as a Service (PTaaS) and full access to the SecurePortal and other complementary tools would be provided.
The Phishing Email Assessment
Allows Access to SecurePortal
Digital Report
Until now, the traditional deliverable from a Penetration Test engagement has been a lengthy 100+ page PDF report.
Pentest People have developed a solution to this issue where you interact with your vulnerabilities within the SecurePortal.
Vulnerability Data
Constantly updating Vulnerability Information to stay in touch with the emerging threat landscape.
Receive overview and trend data of all of the current security issues you face in your organisation. All viewable on an interactive dashboard.
Skilled Consultants
Rest assured that your assessments are performed by qualified Security Consultants.
Our specialised team of security consultants hold industry qualifications such as CHECK Team Member & Team Leader, CCIE, CISSP and CEH.
Key Benefits
Understand the security risks associated with phishing scams through a thorough assessment to highlight training areas to focus on.
- Email Phishing is the most widely used form of cyber attack businesses have to contend with.
- Chose between either a broad-scale generic email phishing attack or a realistic targeted attack on key employees.
- Many organisations require an email phishing scenario as part of employee awareness training. Pentest People are experienced in this form of attack and our consultants use it daily during other Penetration Testing Services.
- The results of the assessment can be used to provide recommendations for awareness training area of focus.
Frequently
Asked Questions
What types of phishing Assessments do you offer?
Pentest People offer a broad range of phishing services that can be completely tailored to suit your needs. Typically, a login portal of some kind will be spoofed with code that will gather credentials entered on the page. At this point, we can stop the campaign or as companies often want, we can dig further and try to access systems like office365.
Phishing is often executed as part of a larger Social Engineering package that consists of Open Source Intelligence Gathering (OSINT), Telephone phishing and physical intrusion. It can be sold as a single service.
What impact can phishing have on my company?
Two-thirds of all malware arrives via email attachments and sophisticated phishing emails facilitate 90% of successful cyber attacks.
According to trend labs, the average cost of a business email compromise attack is $140,000 but this can be more significant with Leoni AG losing $44.6 million in a single attack. Between 2013 and 2018, over $12 billion was lost to phishing attacks.
What is the deliverable from the service?
The aim of a phishing campaign is to target staff members by simulating a realistic phishing attack and analysing the response from staff members. This allows companies to understand how likely they are to be compromised by a phishing attack and identify key areas/people that may require additional security awareness training.
Regular phishing campaigns allow you to track the progress your security awareness training over time.