Phishing Email Security Assessment

Broad-scale and targeted email phishing attacks are among the most likely type of cyber attack that businesses are having to contend with today. Such emails can be sent with little risk, and if successful, could trick users into revealing sensitive information such as login credentials, or potentially even result in the installation of malware. Such emails could be sent in mass to all employees when just one successful exploit is needed to compromise the business’ sensitive data. Alternatively, specific individuals within the business may be targeted with highly bespoke emails, aiming to leverage that particular employee’s privileges.

Pentest People’s Phishing Testing Service simulates both a broad-scale generic email phishing attack or a realistic targeted attack on key employees. The result of this test generates valuable statistics for measuring the effectiveness of business awareness training and procedures.

Listen to one of our Phishing experts
breakdown of this Pentest People Service

For those hard of hearing there is a transcript at the bottom of this page

Overview of our Email Phishing Security Service Methodology

The Phishing Email Assessment will typically include the following fundamental stages:

Targeted Scenarios

Through the gathering of business OSINT, and discussions with the client, appropriate scenarios are designed. These scenarios will assess the business’ procedures and effectiveness of awareness training.

Bespoke Fake Portals

Pentest People use proprietary software to automate the sending of emails, tracking of responses, and hosting of fake login portals. As such, bespoke portals can be built from scratch to perfectly match any the client may have. These portals are then used to capture the credentials of users.

Tracked Emails and Responses

Emails sent are embedded with information unique to the target user, allowing Pentest People to track which users clicked links, submitted credentials, the times of all events, and will cross-reference this information with departments and/or locations to build useful statistics.

Awareness Training

The results of the phishing assessment are then used to provide recommendations for awareness training areas of focus.

What are the Risks?

Email Phishing attacks are becoming more predominant in every industry. It’s one of the most universal types of cyberattack and can be used to gain easy access to a businesses network.

Businesses have to make employees aware of such phishing attempts, that can be both broad-scale and targeted (most likely on more high ranking employees). The Pentest People Phishing Assessment is the perfect solution for training your team and finding the weaknesses in your employees awareness.

How Can Our Phishing Assessment Service Help?

Pentest People can help alleviate the risks associated with Email Phishing by performing either a broad-scale or targeted phishing scenario.

Pentest People have a professional Phishing Service that can be used to identify flaws that exist within your team in regard to their email phishing awareness. From this phishing test service assessment you can create professional training protocol so your employees never fall victim to such attacks.

The service would be delivered as part of the Pentest People Penetration Testing as a Service (PTaaS) and full access to the SecurePortal and other complementary tools would be provided.

Find Out More

The Phishing Email Assessment
Allows Access to SecurePortal

Digital Report

Until now, the traditional deliverable from a Penetration Test engagement has been a lengthy 100+ page PDF report.

Pentest People have developed a solution to this issue where you interact with your vulnerabilities within the SecurePortal.

Vulnerability Data

Constantly updating Vulnerability Information to stay in touch with the emerging threat landscape.

Receive overview and trend data of all of the current security issues you face in your organisation. All viewable on an interactive dashboard.

Skilled Consultants

Rest assured that your assessments are performed by qualified Security Consultants.

Our specialised team of security consultants hold industry qualifications such as CHECK Team Member & Team Leader, CCIE, CISSP and CEH.

Phishing Service Breakdown Transcript

Pentest People’s team of dedicated social engineers will help to perform phishing engagements against your business. These generally take the form of a mocked up phishing portal, which is designed to mimic either an office 365 portal or a custom portal of your choosing. That is then sent out to all the targets that you provide us. You receive some interesting statistics on who’s opened the email, who’s clicked on the link. We’ve visited the page and of course, who’s actually entered details into that portal. Off the back of this pentest people can provide detailed training on how to prevent these sorts of attacks working against your business.

Key Benefits

Understand the security risks associated with phishing scams through a thorough assessment to highlight training areas to focus on.

Email Phishing is the most widely used form of cyber attack businesses have to contend with.
Chose between either a broad-scale generic email phishing attack or a realistic targeted attack on key employees.
Many organisations require an email phishing scenario as part of employee awareness training. Pentest People are experienced in this form of attack and our consultants use it daily during other Penetration Testing Services.
The results of the assessment can be used to provide recommendations for awareness training area of focus.

Frequently
Asked Questions About Phishing Email Assessments

Do I need a Phishing Assessment?

All sized companies can benefit from a phishing assessment. A lot of time and money is spent hardening Infrastructures and Web Applications but ‘people’ are often overlooked even though they are typically the easiest way for an attacker to breach an organisation.

What types of phishing Assessments do you offer?

Pentest People offer a broad range of phishing services that can be completely tailored to suit your needs. Typically, a login portal of some kind will be spoofed with code that will gather credentials entered on the page. At this point, we can stop the campaign or as companies often want, we can dig further and try to access systems like office365. Phishing is often executed as part of a larger Social Engineering package that consists of Open Source Intelligence Gathering (OSINT), Telephone phishing and physical intrusion. It can be sold as a single service.

What impact can phishing have on my company?

Two-thirds of all malware arrives via email attachments and sophisticated phishing emails facilitate 90% of successful cyber attacks. According to trend labs, the average cost of a business email compromise attack is $140,000 but this can be more significant with Leoni AG losing $44.6 million in a single attack. Between 2013 and 2018, over $12 billion was lost to phishing attacks.

What is the deliverable from the service?

The aim of a phishing campaign is to target staff members by simulating a realistic phishing attack and analysing the response from staff members. This allows companies to understand how likely they are to be compromised by a phishing attack and identify key areas/people that may require additional security awareness training. Regular phishing campaigns allow you to track the progress your security awareness training over time.

Download our Phishing Email
Assessment Data Sheet

Phishing Email Assessment