At CYPFER, our Phishing Awareness Services are education-based, providing your organization and employees with information, actual examples, facts and trends to protect against malicious attackers who intend to use e-mail, SMS messaging and USB drives to gain personal or confidential information.
In March 2016, the number of email antivirus detections reached 22,890,956, which is four times more than the average for the same period last year. (AO Kaspersky Lab)
We develop campaigns designed around your business goals, industry concerns, and employee expectations. Taking on the persona of the malicious attacker, we deploy a series of organization-specific messages used to determine the range of ways in which your organization responds to phishing messages. We assemble the results and present an actionable plan to improve your organization’s ability to support digital social engineering in a positive manner.
Campaigns Designed for your Goals
We create integrated digital social engineering campaigns that can be purchased as stand-alone engagements or part of an integrated security solutions program.
- Response Phishing is the most basic of campaigns in which e-mails representing common sources (Facebook, PayPal, and your organization) are sent to employees to determine their responses. This is the simplest of campaigns and is designed around general information gathering and employee awareness.
- Strategic Phishing extends the basic concepts by attempting to acquire information from an individual including usernames, passwords, and system access. Strategic phishing focuses on posing as a trusted source in order to gain information. This is the most effective form of phishing campaigns for general employees.
- Spear Phishing refers to phishing campaigns that target specific individuals. The goal of spear phishing is to gain confidential information about a specific individual or an organization. This approach is one of the most successful on the Internet (with a success rate of 91% for malicious attackers). Spear phishing is extremely effective when coupled with offensive security engagements, including physical social engineering and penetration testing.
- Whale Phishing (or whaling) is a form of spear phishing directed towards senior executives and high-profile targets within a business. These engagements focus on carefully constructed messages that are presented with a serious statement, falsified company-wide concerns, or messages that require critical actions. Whaling is a multi-step process that first creates subtle reactions before escalation to critical actions.
The FBI, which calls such campaigns Business E-mail Compromise (BEC), earlier this year noted that as many as 7,000 US businesses have been victimized by such scams over the past two years, resulting in some $740 million in losses. (Federal Bureau of Investigation)
Measure and improve the attitude and awareness towards phishing, malware and drive-by attacks.
- Traditional phishing attacks through email as well as SMS messages.
- Simulate malware attacks from multiple delivery channels.
- General as well as customized e-mails, websites and interactions.
- Development of unique campaigns to address your organization-specific scenarios.
- Malware protection to validate the effectiveness of your security structure and services.
- Simple and directed education to improve the organization’s and employees’ awareness of possible malicious attacks.