Test how well your employees follow your cyber security policy and what information they are prepared to reveal to a malicious party.
Phishing refers to sending an email that tricks a person into clicking on a link or opening an attachment. The goal of phishing is to steal information, such as usernames and passwords or credit card information. Clicking on links in phishing emails or entering your username and password on malicious websites can put your information at risk – this includes not only your organization’s critical data but also your personal data. Through phishing emails, attackers can gain access to confidential information, steal money from your bank accounts, and steal your identity.
In most cases, opening an email will not result in compromise. The risk is in clicking on links or opening attachments. Attackers can email you infected attachments that install malicious software, commonly referred to as malware. Clicking on a link in an email can take you to a website which steals login information or installs malware on your device or computer without your knowledge.
Why should you run a phishing attack assessment and campaign?
Fraudulently obtaining security information such as usernames and passwords through phishing scams is the fastest rising online crime method used for stealing personal information and perpetrating identity theft. By running a phishing campaign, you can find out which of your employees are vulnerable to deception and how your organization compares with similar-sized entities in your market segment. While employee vulnerability is generally decreasing due to awareness in modern organizations, malware infection is on the rise. There have been several cases in the last year of ransomware attacks taking hold of an organization’s infrastructure and encrypting its data because an employee clicked on a malicious link which they believed to be genuine.
Types of Phishing Campaigns
As businesses continue to deploy anti-phishing strategies and educate their users about cyber security, cyber-criminals continue to improve phishing attacks and develop new scams. Here’s more information about some of the most common types of phishing campaigns.
Spear phishing attacks are targeted at an individual or small group, typically with access to sensitive information or the ability to transfer funds. Cyber-criminals gather information about the intended target in advance and leverage it to personalize the attack, create a sense of familiarity and make the malicious email seem trustworthy. Spear-phishing emails typically appear to come from someone the target knows, such as a co-worker at their company or another business in their network.
Whaling is a spear-phishing attack that specifically targets senior executives at a business.
Vishing, or voice phishing, uses a telephone message to try to get potential victims to call back with their personal information. Cyber-criminals often use fake caller-ID information to make the calls appear to be from a legitimate organization or business.
Smishing, also known as SMS phishing, uses text messages to try to lure victims into revealing account information or installing malware.
Conducting Your Phishing Campaign
Mitiget’s phishing campaigns involve targeting a wide group of users in your organization by sending them an email that entices them to visit a web application and perform a task, such as entering their login credentials. We do this with no knowledge of your technical structure, and the email is usually a generic one, for example offers from online shops, interesting news articles or changes to their accounts, designed to convince users to open a malicious attachment or click on a bad link.
Our phishing campaigns can also be re-run after implementing updated security policies or employee awareness training to evaluate improvement.
GET COMPLIANCE, GET ISO CERTIFIED
Achieve your ISO certification in a seamless, timely and affordable manner. We make it easier and stress free for you. Certification guaranteed in your time frame. 100% Trusted Services – Control Implementation, Training, Documentation, Audit, Certification.
ISO 27001 CERTIFICATION We work with organizations to identify areas of improvement and meet ISO 27001 standards and requirements for information security management systems (ISMS), providing gap analysis and guidance on improving their overall cyber security controls.
ISO 22301 CERTIFICATION We work with organizations to identify areas of improvement and meet ISO 22301 standards and requirements for business continuity management systems (BCMS), providing business impact analysis and guidance on improving their overall business resilience.
PCI DSS COMPLIANCE We offer a variety of services to help you achieve and maintain PCI compliance. This includes PCI gap assessments, annual AOC (Attestation of Compliance) and Self-Assessment Questionnaire (SAQ) assistance, along with cyber security program development and design for PCI organizations.
GDPR CERTIFICATION We help you to be GDPR compliant. This lets you demonstrate accountability for how you store, maintain and protect both your clients’ and employees’ data. We help you develop policies, embed new processes, educate staff and ensure the right security and encryption is applied to all your devices.