Phishing/Spear Phishing Simulation and Awareness Workshop

“Phishing” is the most widespread method for attackers to gain access to a company’s internal network. Attackers do this by sending emails in which they pretend to be a trustworthy entity. They use various social engineering manipulation techniques to trick their victims into revealing passwords or executing malware. This technique has been the number one attack vector for years, as various studies have shown.

NSIDE Phishing Results

NSIDE conducts phishing simulations for various-sized companies. Our experience confirms the studies and shows that phishing attacks may be especially successful against untrained personnel: In this context, it is not uncommon for 30% of attacked users to reveal their password. In an actual attack this can have serious consequences as attackers often only need a single set of credentials to gain access to internal systems and networks.

A phishing simulation tests the awareness of your employees and trains them in recognizing well-crafted phishing attacks in the follow-up if the campaign has been identified as such. Our years of experience in simulating phishing attacks have shown that an awareness campaign attracts much more attention and approval in the company if it is introduced to all employees by means of a phishing simulation. Cleverly linking the simulation with awareness measures means that the team discussions can be skillfully used to make employees aware of the contents and guidelines.

We also offer targeted spear-phishing attacks and correspondingly group-based analysis, which means that targets for the spear phishing campaign can be grouped, e.g., to map an internal organization (sales, accounting, logistics) or risk relevance (management, authorized for financial transactions, access to critical business data). This creates a detailed and realistic basis for further awareness measures.

If required, NSIDE ATTACK LOGIC GmbH also supports the training of employees. Our analysts can use an awareness workshop – whether on-site or as a webinar, recorded or live – to vividly demonstrate the relevant phishing techniques, their effects on the computer and how to successfully detect phishing – and not to forget: what to do if you pressed the wrong link after all.

Why You Should Choose Our Phishing Simulations Service

Phishing or Spear Phishing

We offer general phishing and spear phishing campaigns tailored to specific target groups. In each case, you can also receive results broken down into different target groups, e.g. by department or branch, provided that employee anonymity is still guaranteed.

Professional Phishing

Just like in a “real” spear phishing campaign, we customize the campaigns for you, including an individual believable domain, website and email template.

The phishing domain can be taken over free of charge after the project.

Transparent Pricing

You only pay once per phishing campaign – regardless of how many employees/email addresses the phishing campaign is directed at.

Indivual Result Format

Would you like the data in a specific format? We will be happy to include your individual wishes in the final report.

No Additional Infrastructure Required

NSIDE takes care of the required infrastructure (e-mail server, web server, database, domain) – there is no additional work for you.

Privacy

All recorded events are evaluated purely statistically and deleted within 10 working days after the end of the project, unless explicitly requested otherwise. Entered credentials are not stored in the first place. If necessary, phishing simulations are carried out in close consultation with the staff/works council.

Custom Phishing Framework

NSIDE uses a specially developed software called nphish for phishing simulations. With this tool, our analysts are able to quickly develop individually customized phishing scenarios.

Passwords or Malware?

You determine the objective of the phishing campaign: Should the phishing campaign only target credentials or would you like to check whether your employees would execute malware?

Result Presentation

The project is carried out by an experienced IT security analyst. We will be happy to present the results to you afterwards, either as a short presentation or in an awareness workshop for your employees.

OFFENSIVE CYBER SECURITY

Contact us to uncover and close your security gaps.