Simulated Phishing Attack

SKU: 4451
Format: Consultancy

This simulated attack will establish whether your employees are vulnerable to phishing emails, enabling you to take immediate remedial action to improve your cyber security posture. 

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account.  Apply online today or call our service centre team on 00 800 48 484 484.

 COVID-19: remote delivery options

We would like to reassure our clients that all training and consultancy services will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we are adjusting our delivery methods to allow us to provide consultancy services, penetration tests and training remotely where necessary. Please also refer to our COVID-19 policy.

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.
Overview

IT Governance will perform a simulated phishing attack to determine your organisation’s current susceptibility to this type of attack, identifying the groups of users most at risk.

Our team of penetration testers will come up with a range of phishing scenarios. We use various techniques, but they generally involve sending an email to random, or in some cases nominated, personnel. The email asks the targeted employees to take certain actions that will result in them disclosing sensitive information such as usernames and passwords. The responses and any information contained within them will be intercepted and assessed, while users are redirected to prevent suspicion.

The identified vulnerabilities are presented in a format that allows an organisation to assess the resistance of its employees to a phishing attack.


Your challenge

Phishing attacks are quick and easy to implement and deliver an enormous return on investment, which has motivated criminals to create increasingly sophisticated and creative phishing ‘lures’. These are often indistinguishable from genuine emails, text messages or phone calls; in general, affected users don’t report the compromise until it is too late, inflicting enormous damage on your organisation. Senior management need regular assurance that staff have been properly trained on how to spot phishing emails, and the only real way to achieve this is through a simulated phishing attack.


Our service offering

  • A detailed consultation to identify the depth and breadth of the tests required, with careful scoping of the test environment to establish the exact extent of the testing exercise.
  • A range of manual tests conducted by our team of highly skilled penetration testers using a methodology closely aligned with the Open Source Security Testing Methodology Manual (OSSTMM).
  • A series of wireless surveys of the scoped environment, with automated and manual identification of vulnerabilities.
  • Immediate notification of any critical vulnerabilities in order for you to take action quickly.
  • A detailed technical report covering the identified vulnerabilities (ranked in order of significance).
  • A list of recommended countermeasures to address any identified vulnerabilities.
  • An executive summary that explains in business terms what the risks mean.

Benefits

A simulated phishing attack allows you to:

  • Quickly find out if there is an internal awareness problem;
  • Determine who to enrol in training after they fall for an attack – an effective way to change end-user behaviour; and
  • Craft campaigns based on the experiences and threat analysis of our expert security testing team.
Conditions

Service conditions

  • A consultation to determine the extent of the phishing simulation.
  • Design and development of a targeted phishing campaign that simulates a popular phishing attack vector (e.g. a ‘drive-by download’). The actual vector deployed will be agreed after a scoping discussion with the client.
  • Carefully designed non-destructive attacks target IT users of your choice and measure the results.
  • Our experienced consultants interpret the results to provide trend analysis and highlight problem areas such as department or location.
  • An on-site presentation of report findings and remedial consultations can be provided upon request at an additional cost.
  • Travel and transportation costs related to work conducted at the client’s premises will be billed separately.
Why IT Governance?

Why choose us?

  • Penetration tests should only be carried out by experienced consultants with the necessary technical skill set and qualifications. Our consultants have strong technical knowledge and a proven track record in finding security vulnerabilities. They can carry out exploits in a safe manner and advise on appropriate mitigation measures to ensure that your systems are secure.
  • Our CREST-certified penetration testing team will provide you with clarity, technical expertise and peace of mind, knowing that your employees' susceptibility to phishing lures has been reviewed by experienced social engineering penetration testers in line with your business requirements.
