A Phishing campaign is an authorised simulated attack that tests staff’s awareness of phishing email attacks. The simulation can help to educate users in how to spot malicious emails and can help you improve your company’s security awareness training.
We offer full Phishing email simulation campaigns, which can be customised to your requirements for design or user target groups.
In a Phishing attack, hackers attempt to obtain sensitive information such as usernames, passwords, photos, documents, bank or credit card details, often for malicious reasons, by disguising themselves as a trustworthy entity in an electronic communication such as an email.
A Phishing simulation is the process of testing your staff’s awareness of phishing email campaigns in a safe and constructive manner.
Phishing email campaigns can be sent organisation-wide or to individual groups of staff. This will allow you to test your staff’s security awareness, measure the success of the simulation and identify any staff or security weaknesses that could be improved.
This process allows you to provide security awareness training to any staff who fell victim to the simulation and possibly implement new security rules on any firewalls to block certain file attachments.
Some of the biggest security breaches in recent years have been down to phishing attacks, where a member of staff has clicked a link, or entered their user credentials into a fake website or login page presented by a phishing email. Once an attacker gains a session on the user’s systems, they have an internal position on your network from which to gather further information and potentially pivot further into the network.
Armadillo Sec are a CREST-approved member company and our security consultants are fully certified by CREST to the highest level in application and infrastructure testing. This allows our consultants to give complete assurance when testing any elements of your environment. We have many years of experience leading large, complex government and commercial cyber security tests. Our lead consultants will work with you from start to finish on the project to ensure all requirements are met.
Frequently Asked Questions
Our testers are fully certified by CREST to the highest CCT level in both application and infrastructure testing.
Our CREST member status can be viewed, along with the certified tester types we have on the below link:
It is recommended that Phishing campaigns are run regularly as part of your end user security practices and user awareness training.
Phishing simulations are bespoke, depending on the goal or the number of employees, so there is no off-the-shelf price.
For each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.
We supply a full Phishing report, which covers the following:
- Executive management summary - Non-technical overview of issues for management board level
- User activity - A complete list of all users who opened or clicked the email, or entered any information
- Statistics - Detailed graphs showing the user activity
- Location - Geographical locations of each user opening the email
A sample report can be supplied upon request.
We have a full methodology for all testing services we provide, which is supplied with each project proposal. This outlines the testing steps and all the requirements in order to deliver the test.