A phishing campaign is an authorised simulated attack that tests staff awareness of phishing email attacks. The simulation can help to educate users in how to spot malicious emails and can help you improve your company's security awareness training.
We offer full phishing email simulation campaigns that can be customised to your requirements for design or user target groups.
Phishing attacks performed by hackers attempt to obtain sensitive information such as usernames, passwords, photos, documents, bank or credit card details, often for malicious reasons, by posing as a trustworthy entity in an electronic communication such as an email.
A phishing simulation is the process of testing your staff's awareness of phishing email campaigns in a safe and constructive manner.
Phishing email campaigns can be sent organisation wide or to individual groups of staff. This will allow you to test your staff’s security awareness and allow you to measure the success of the simulation and identify any staff or security weaknesses that could be improved.
This process allows you to provide security awareness training to any staff who fell victim to the simulation and possibly implement new security rules on any firewalls to block certain file attachments.
Some of the biggest security breaches in recent years have been down to phishing attacks, where a member of staff has clicked a link or entered their user credentials into a fake website or login page contained in a phishing email. Once an attacker gains a session on the user's system, they have an internal position on your network from which to gather further information and potentially pivot further into the network.
Armadillo Sec are a CREST-certified testing body and we are accredited to operate as a CHECK service provider. All of our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT level. Our testers are also CHECK Team Leaders (CTLs) or CHECK Team Members (CTMs) and are approved to conduct government CHECK testing.
Our team have many years' experience conducting a broad range of government and commercial tests and always aim to go the extra mile for our customers.
Frequently Asked Questions
All our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT level.
| CREST Certifications | Certified Testers |
|---|---|
| Practitioner Security Analysts | Yes |
| Registered Penetration Testers | Yes |
| Certified Web Application Testers | Yes |
| Certified Infrastructure Testers | Yes |
Our CREST member status can be viewed, along with the certified tester types we have on the below link:
Our testers are also CHECK Team Leaders (CTLs) or CHECK Team Members (CTMs) and are approved to conduct government CHECK testing.

| CHECK Status | Certified Testers |
|---|---|
| CHECK Team Member (CTM) | Yes |
| CHECK Team Leader (CTL) - Infrastructure | Yes |
| CHECK Team Leader (CTL) - Applications | Yes |
Our CHECK status can be viewed on the below link:
It is recommended that phishing campaigns are run regularly as part of your end user security practices and user awareness training.
Phishing simulations are bespoke, depending on the goal or the number of employees, so there is no off-the-shelf price.
For each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.
We supply a full phishing report, which covers the following:
- Executive management summary - Non-technical overview of issues for management at board level
- User activity - A complete list of all users who opened or clicked the email, or entered any information
- Statistics - Detailed graphs showing the user activity
- Location - Geographical location of each user opening the email
A sample report can be supplied upon request.
We have a full methodology for all testing services we provide, which is supplied with each project proposal. This outlines the testing steps and all the requirements in order to deliver the test.