Test how well your employees follow your cyber security policy and what information they are prepared to reveal to a malicious party.
Phishing refers to sending an email that tricks a person into clicking on a link or opening an attachment. The goal of phishing is to steal information, such as usernames and passwords or credit card information. Clicking on links in phishing emails or entering your username and password on malicious websites can put your information at risk – this includes not only your organization’s critical data but also your personal data. Through phishing emails, attackers can gain access to confidential information, steal money from your bank accounts, and steal your identity.
In most cases, opening an email will not result in compromise. The risk is in clicking on links or opening attachments. Attackers can email you infected attachments that install malicious software, commonly referred to as malware. Clicking on a link in an email can take you to a website that steals login information or installs malware on your device or computer without your knowledge.
Fraudulently obtaining security information such as usernames and passwords through phishing scams is the fastest rising online crime method used for stealing personal information and perpetrating identity theft. By running a phishing campaign, you can find out which of your employees are vulnerable to deception and how your organization compares with similar-sized entities in your market segment. While employee vulnerability is generally decreasing due to awareness in modern organizations, malware infection is on the rise. There have been several cases in the last year of ransomware attacks taking hold of an organization's infrastructure and encrypting its data because an employee clicked on a malicious link that they believed to be genuine.
As businesses continue to deploy anti-phishing strategies and educate their users about cyber security, cyber-criminals continue to improve phishing attacks and develop new scams. Here’s more information about some of the most common types of phishing campaigns.
Spear phishing attacks are targeted at an individual or small group, typically with access to sensitive information or the ability to transfer funds. Cyber-criminals gather information about the intended target in advance and leverage it to personalize the attack, create a sense of familiarity and make the malicious email seem trustworthy. Spear-phishing emails typically appear to come from someone the target knows, such as a co-worker at their company or another business in their network.
Whaling is a spear-phishing attack that specifically targets senior executives at a business.
Vishing, or voice phishing, uses a telephone message to try to get potential victims to call back with their personal information. Cyber-criminals often use fake caller-ID information to make the calls appear to be from a legitimate organization or business.
Smishing, also known as SMS phishing, uses text messages to try to lure victims into revealing account information or installing malware.
Mitiget’s phishing campaigns involve targeting a wide group of users in your organization by sending them an email that entices them to visit a web application and perform a task, such as entering their login credentials. We do this with no knowledge of your technical structure, and the email is usually generic, for example offers from online shops, interesting news articles or changes to their accounts, written to try to convince the users to open a malicious attachment or click on a bad link.
Our phishing campaigns can also be re-run after implementing updated security policies or employee awareness training to evaluate improvement.