Phishing Campaigns & PaaS

With Phishing on the increase it is important to know how your organisation is at risk.

Don’t sit back and wait for the breach, the time to test your organisation and train your staff is now. All it can take is one press of a link or the disclosure of one set of valid employee credentials to bring an organisation into a crisis. We work closely with an organisation to bring employee testing and targeted training together.


Realistic Simulated Phishing Attack

Assessing who is susceptible to these techniques and who requires training can be a managed over a period of time in a simulation of a real phishing attack campaign. Full analytics will be provided with assessments to report which users have logged on to a cloned portal or clicked on a link inside an email.

  • Externally facing portals cloned.
  • Fully responsive web and mobile attacks.
  • Test how malicious Google Chrome browser extensions are handled.
  • Credentials harvested and reported on from various sources – always securely.
  • Several levels of Phishing email simulations.
  • Can be combined with other kinds of Social Engineering assessments.
  • A focus on user training and staff induction programs post simulation.
  • Increased training available to VIP and key personnel within an organisation.

Realistic means exactly that! We run this assessment like a criminal would. We start with next to no knowledge of the target organisation and work towards uncovering the details of your employees through OSINT. The final stages will see extremely complex phishing emails being used. Spear phishing has gained popularity but we go further than this. Crafting online personas and relevant situations and real-world events that reinforce an emails credibility.

When you really need to gain access to an organisation ‘in the wild’, you will stop at nothing. We replicate this determination and it forces us to test our clients harder, stealing some of the most ingenious and devious ideas from current phishing attacks.

We can also adapt our testing style to focus on click rate statistics and employee benchmarking. A real attack is significantly different from user testing so it will be essential to gather further information before commissioning work.

Further reading can be found in our Realistic Phishing Attack informational PDF Download_PDF



Phishing Awareness Campaigns

Phishing awareness campaigns aim to provide a positive security culture within your organisation by focusing on click rate reduction and staff awareness.

All members of staff are assessed with bespoke email templates, which can lead to a login portal for credential input and a clear journey that always results in an educational landing page. This type of assessment gives your organisation the insight to usable statistics for continual improvement and can be arranged on a more frequent basis for increased impact. This is really about getting the message of phishing out there in your company – it will be the focal discussion in further education. By testing staff in an open manner you provide content to base learning on.

Phishing Awareness Campaigns look to promote good cyber security etiquette such as;

  • Employees have a desire to learn to protect themselves and learn useful defences.
  • Heads of IT praised for finding vulnerabilities and their superiors act on issues that are presented to them.
  • Employees are trained and made aware of risks, driving further staff education.
  • Staff can report incidents knowing that these fast reports benefit the business.

Further reading can be found in our Phishing Awareness Campaigns informational PDF Download_PDF



PaaS – Phishing-As-A-Service

PasS brings a high-quality phishing service to the hands of your business and can be scaled out in plans suitable for your testing needs. A one off setup fee per organisation, per year, is charged and unlimited phishing assessments can be conducted free of charge at this point on a DIY basis. There has never been a more apt time to use the proverb:

“give a man a fish and you feed him for a day; teach a man to fish and you feed him for a lifetime”

Unlike our consultant led Realistic Simulated Phishing Attacks, PaaS is a totally DIY solution offering you the chance to meaningfully test your staff on a regular basis.

  • Full Phishing portal setup
  • Unlimited* Phishing Emails (*Fair use applied <250,000 P/A)
  • Includes 5 company bespoke designs for phishing emails
  • Includes 3 company bespoke phishing portals
  • Test Google Chrome browser extensions are included.
  • Individual VPS that has been hardened and is regularly tested
  • Full documentation and support
  • Free domain name of your choice (Not exceeding £50 P/A)

Further reading can be found in our PaaS informational PDF Download_PDF



Make contact today to discuss any of these options.