Phishing is a fraudulent email sent to a target to obtain access to sensitive information such as passwords or credit card details. Attackers often disguise as a trustworthy entity by establishing some credibility before making the phishing attempt. Although it is one of the oldest cyber attack techniques, it has remained to be a potent threat to individuals and organizations over a period.
The real risk to your environment lies far beyond the links circulated in phishing emails. Instead of relying on automated tools that measure the users clicking links, INTELLISEC SOLUTIONS performs a full-attack simulation to identify the impact of phishing.
Two facts go with phishing risk assessment – the probability of an attack and its potential impact on your organization. We provide you with detailed, data-based reports on both counts to help you understand and appreciate the phishing preparedness of your environment.
Spear phishing is a specific type of phishing that attacks a particular user as opposed to a random group of individuals. Such attacks are more involved, and INTELLISEC SOLUTIONS offers targeted spear phishing capabilities into each social engineering assessment.
Intellisec Solutions follows the following step-by-step engagement process for phishing assessments.
This is a pre-engagement phase where the purpose and scope of the assessment are determined jointly with your organization. An outline of the project at hand is built based on questions such as:
Since Intellisec Solutions focuses on personalized services, it is imperative to collect relevant information at the beginning. Using this critical information, we perform extensive research to extract information regarding the target company.
Crafting the payload is the next critical phase and includes specifics such as identifying departments, user roles, and associated pretext scenarios. Each user is thoroughly assessed for the most successful and targeted engagements.
After carrying out the campaign and integrating insight from all angles, a final report is delivered. The report aims at providing both the high-level executive summary for the management as well as technical details for the security team. The report enumerates a thorough array of risks, along with remedial steps and documentation of successful phishing attempts. Detailed training guides are offered to resolve the uncovered issues.
Clients often seek user training sessions, and we provide them as an optional offering as in-house training sessions. Care is taken to ensure that the same Intellisec Solutions team member that worked on the phishing assessment earlier is available to lead the session. Such an arrangement allows your team to gain practical insights on specifics at hand.