‘Phishing Simulation and Spear Phishing Simulation’ – ‘nphish’ addon and awareness workshop
Using customized phishing campaigns, NSIDE tests how vulnerable your workforce is to phishing emails. We also offer spear phishing campaigns, i.e. targeted e-mail attacks on individual persons or groups of persons that take advantage of current information about the company. This includes, for example, currently advertised jobs, current events, recent or upcoming events, changes in corporate policy, and much more.
NSIDE ATTACK LOGIC GmbH uses software specially developed for this purpose, our ‘nphish’ phishing framework, to carry out the phishing simulations. This tool enables our analysts to quickly develop phishing scenarios tailored to your needs, to flexibly incorporate changes and to spontaneously decide if a simulated malicious attachment should also be part of the campaign. By abstracting from the actual technology, ‘nphish’ allows you to focus on designing, planning, carrying out and evaluating phishing campaigns.
All of our (spear) phishing simulations are conducted in close coordination with staff/works councils if required. Employee passwords are not collected or sent, even if it seems so for them in the simulation. This guarantees the security of the access data as well as saving employees from having to change their passwords after the training course. All recorded events (website visited, password entered etc.) are evaluated purely statistically, unless explicitly requested otherwise, so that no employees are discredited or have to fear reprisals because of the phishing result. In compliance with relevant data protection guidelines, we delete all data collected during the analysis within 10 working days after the project has been completed.
We also offer group-based analysis, which means that targets for the spear phishing campaign can be grouped, e.g., to map an internal organization (sales, accounting, logistics) or risk relevance (management, authorized for financial transactions, access to critical business data). This creates a detailed and realistic basis for further awareness measures.
A phishing simulation tests the awareness of your employees and trains them in recognizing well-crafted phishing attacks in the follow-up if the campaign has been identified as such. Our years of experience in simulating phishing attacks have shown that an awareness campaign attracts much more attention and approval in the company if it is introduced to all employees by means of a phishing simulation. Cleverly linking the simulation with awareness measures means that the team discussions can be skilfully used to make employees aware of the contents and guidelines.
If required, NSIDE ATTACK LOGIC GmbH also supports the training of employees. Our analysts can use an awareness workshop – whether on-site or as a webinar, recorded or live – to vividly demonstrate the relevant phishing techniques, their effects on the computer and how to successfully detect phishings – and not to forget: what to do if you pressed the wrong link after all.