Project Information
How 52% of users voluntarily provided us their passwords
1/3 of cyber attacks (€1.1bn) are carried out via phishing
• Phishing attacks grew by 600% after February 2020
• Increased risk associated with working from home and multiplatform IT environment (PC / mobile / cloud)
Project Description
• Simulation of phishing attack by email
• Email with a link to the web form for “password level evaluation”
What is phishing?
Phishing is (mostly) email communication sent by attackers in order to obtain personal data such as login names and passwords to systems (e.g. internet banking). The information obtained this way is then used for further intrusion into systems, extortion, identity theft or financial fraud. Phishing emails often contain malicious code (malware), which is activated by opening the email or by an action taken in it.
WHEN and WHERE to implement a phishing simulation
- When a company wants to protect its and its customers’ data
- In all companies that use services such as email, online client databases, e-shops, ERP / CRM, etc.
- As a regular annual activity along with IT security training for IT users
- Recommended minimum number of IT users is 30+
HOW the phishing attack is simulated
1. The client approves the scope, content and form of emails, and schedule
2. Preparation of communication environment, domains and addresses, testing, whitelisting of domains
3. We simulate a phishing attack, in waves
4. Final report including recommendations for addressing risks
BENEFITS for the organisation
• Identify the state of user security awareness
• The weakest link in IT security is the user; by addressing the identified risks, you will strengthen the security of the organisation's IT
• "Quick wins" for setting up email servers
Results
- 140 emails sent
- 79 (56%) clicks on the link
- 73 (52%) passwords transmitted (92% of users who opened the link)
- 92% of users who opened the malicious link provided us their password
Corrective activities
- Training programme for employees in IT security to change behaviour
- Audit of the "password policy" and its application in IT applications and systems
- List of "quick wins" in email settings