Email Phishing Services

We use phishing techniques to attempt to infect user computers or trick users into divulging sensitive information. Email Phishing measures how many users fall for the phishing ploy and click on a link or open an attachment.

BENEFITS / RETURN ON INVESTMENT (ROI)

Source: 2015 Data Breach Investigations Report (Verizon)

Our Phishing service provides an economical way for you to measure the effectiveness of your Security Awareness training. Many attackers use social engineering tactics to take control of your systems. People, processes, and technologies have to work in concert to achieve a secure environment. Our Phishing campaigns test the people part of this triad.

Deliverable

The Phishing Report covers the tactics used for the email phishing campaigns, as well as any other authorized social engineering tactics. Phishing analytics are provided for each email campaign, showing how many users “fell” for the tactic by clicking on a link or opening an attachment. Samples of phishing emails are included in this section of the report.

Interested in testing your users to measure the effectiveness of your Security Awareness training?

Contact Us for more information about our Email Phishing service, part of our overall Social Engineering service.

Phishing FAQs

What are some of the common tactics used for Phishing?

Example of a fake "Facebook" designed to steal credentials.

Attackers craft messages with the following characteristics:

  • Curiosity - the message makes you so curious, you can't help but click on a link or open the attachment
  • Urgency - the message has a sense of urgency, where if you don't "take action" soon, something bad may happen to you, such as your credit card account being frozen
  • Fear - the message elicits fear, causing you to take action, such as a message claiming that your computer is infected and infecting other computers, and that you may be fined unless you "take action"

Is the email phishing test performed remotely or onsite?

Remotely.

What does a phishing email look like?

If phishing is done properly, the email should look very realistic and be hard to tell apart from a legitimate email. Below is a sample phishing email from the "IRS". Checking the "From" and "Reply-To" headers and the hyperlinks can reveal that the email is not legitimate and is a phishing attempt.

Sample Phishing Email

Is Phishing part of penetration testing?

Yes, phishing can be used as part of a penetration test. We prefer to offer our services in a line-item style so you can choose what works for you. We also do "pure" penetration tests where we use a combination of multiple tactics, such as physical (tailgating, badge cloning, etc.), social engineering, and technical. If you are interested in this type of service, please contact us.