Phishing is a commonly used technique by cyber criminals and can involve emails, text messaging, phone calls or social media. An attacker will attempt to trick users into doing ‘the wrong thing’, such as clicking a web link that will download malware or direct them to a malicious website. Phishing can also be used to trick users to disclose personal information or passwords which the attacker will use to masquerade as the user to gain access to valuable data on your system.
A key element in defending against phishing attacks is educating users to spot such attempts and report them. Our Phishing assessments are designed to test your user behaviour through simulated phishing attacks. We develop attack scenarios that are contextualised to your environment and report on agreed criteria such as which users were fooled by the attack and what information we managed to collect.
Following the assessment, we can deliver training to help your users to recognise phishing attempts. We can also support you to build a comprehensive security strategy to protect against phishing attacks including technical measures and incident management processes.