This simulated attack will establish whether your employees are vulnerable to phishing emails, enabling you to take immediate remedial action to improve your cyber security posture.
We would like to reassure our clients that all training and consultancy services will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we are adjusting our delivery methods to allow us to provide consultancy services, penetration tests and training remotely where necessary. Please also refer to our COVID-19 policy.
IT Governance will perform a simulated phishing attack to determine your organisation’s current susceptibility to this type of attack, identifying the groups of users most at risk.
Our team of penetration testers will come up with a range of phishing scenarios. We use various techniques, but they generally involve sending an email to random, or in some cases nominated, personnel. The email asks the targeted employees to take certain actions that will result in them giving sensitive information such as usernames and passwords. The responses and any information contained within will be intercepted and assessed, while redirecting users to prevent suspicion.
The identified vulnerabilities are presented in a format that allows an organisation to assess the resistance of its employees to a phishing attack.
Phishing attacks are quick and easy to implement and deliver an enormous return on investment, which has motivated criminals to create increasingly sophisticated and creative phishing ‘lures’. These are often indistinguishable from genuine emails, text messages or phone calls; in general, affected users don’t report the compromise until it is too late, inflicting enormous damage on your organisation. Senior management need regular assurance that staff have been properly trained on how to spot phishing emails, and the only real way to achieve this is through a simulated phishing attack.
A simulated phishing attack allows you to: