Phishing is a form of cyber-attack in which an attacker attempts to steal personal information from a person by disguising themselves as a reputable company or person through email or other communication tools.
Falling for a phishing attack can be an easy mistake, considering the level of detail that phishers go into to look legitimate.
Often, victims receive a message that looks as if it is from a common person or business. The links or attachments install malware on the device and then take them to a site where they user gives their personal information, such as email and password, credit card details or account numbers.
A Phishing Campaign performed by a security company assesses your company’s vulnerability to a phishing attack. These assessments can be done on a single or reoccurring basis. Attackers tend to change their methods often, so a reoccurring assessment is encouraged for companies of any size.
These campaigns test the vulnerability and engagement of employees as they receive an attempted exploit. The security company then reports back with the results of how employees responded to either an email or a remote site. A benefit to these campaigns is they are completely fake and will not store personal information. These tests help employers instruct their employees how to avoid falling for a phishing attempt, and what to look out for in suspicious emails and web pages.
At ASK we offer a few different options to provide the right solutions for your business. We create single phishing engagements that replicate a phishing attack, as well as campaigns, which are recurring phishing attempts. We also offer an attempted exploit that you can add on to any engagement. This tests for additional vulnerabilities that could be exploited by a phishing campaign.