Phishing vulnerability

What can be done about phishing?

We’ve helped hundreds of companies like yours provide their teams with the knowledge and tools to manage phishing threats, with our phishing services.

Robust phishing prevention is a combination of technical controls and human education.

What is a Phishing Vulnerability Assessment?

A phishing vulnerability assessment is a controlled phishing campaign delivered by PGI’s technical team.

These assessments are designed to boost awareness of risk and demonstrate how all employees can help to improve cyber security in the workplace through better recognition of potential hazards.

It will test the knowledge of your workforce and enable you to understand their level of awareness and how they would handle real phishing attacks.

Anti-phishing services tailored to your organisation and sector


Phishing emails are responsible for more than 90% of cyber breaches into your network and systems; they are the foundation blocks on which hackers build their attacks.

Phishing emails are becoming more sophisticated and harder to spot, so a managed phishing assessment programme is necessary to protect your business. How much do you know about phishing emails?

While off-the-shelf software options are available, these packages can’t provide your workforce with the experience of truly authentic phishing campaigns. They are often standardised and don’t reflect the targeted tactics that attackers are using.

Did you know? 94% of malware is delivered using email

Every day that your team aren’t fully aware of the threat, your business is at a higher risk of a very real and damaging cyber-attack. 

According to research by the UK Government, that could cost you, on average, £8,460 for small businesses and £13,400 for medium to large enterprises.

With a bespoke phishing assessment from PGI, you will be able to:

  • Identify the risks

    Gain an understanding of your employees’ current awareness of phishing and social engineering threats, as well as identifying where the gaps are and which areas of the business, if any, need further training.

  • Gain more control over your business

    Businesses have more control of the technology being used in the workplace, usually by conducting due diligence when introducing new hardware and software. However, it is not as easy to ensure the same due diligence when it comes to employee action, where risk is heightened through the use of out-of-date software, unsafe online behaviours, and interaction with phishing emails.


  • Educate on common threats

    Phishing campaigns can open organisations up to a range of threats, primarily that of malware, which includes computer viruses, spyware, rootkits, adware, keyloggers, participation in botnets, and ransomware.

    As an example, ransomware is a major risk, with an estimated 300,000 devices infected in the ‘WannaCry’ ransomware attack alone.

    By educating your workforce you decrease the likelihood of a phishing campaign being successful.



  • Mitigate the risk of a data breach or operational disruption

    Phishing emails can give threat actors access to your networks and systems and enable them to steal data or conduct other cyber attacks.

    By engaging PGI’s anti-phishing services, you can educate your workforce about phishing. You will be able to:

    • Strengthen your overall defences.
    • Decrease the likelihood of an attack.
    • Protect your organisation’s bottom line and reputation.

Do your team know what a phishing email looks like?

It takes just one click to bring your operations to a standstill. Equip your team with the knowledge they need to help you defend your organisation.


How we conduct phishing vulnerability assessments

At PGI, we use a simulation approach, or ‘ethical attack’, to carry out a controlled phishing campaign over a duration agreed with the customer.

Our phishing services offer a range of techniques to uncover dangerous behaviour by users, such as disclosing passwords, user information, and other confidential data held by your business. The degree of email authenticity can be tailored, showing your employees just how convincing some phishing attempts can be.

We can help your organisation understand its security posture, enabling you to make informed decisions on effective investment in education and technology, as well as improving your organisation’s level of security and awareness. This allows you to maximise the return on your cyber security budget, delivering demonstrable impact.

  • What do anti-phishing services look like?

    Test phishing campaign: PGI will conduct a bespoke test email phishing campaign, tailored to your organisation, based on: open-source research, our knowledge of your organisation and the latest attacks targeted at your industry.

    Differentiation: This campaign can be carried out over any period of time with multiple emails. The realism of these emails and the domain names used will vary to replicate the different abilities and skills used by attackers.

    Training: Upon failing to identify a phishing email, staff will be presented with a short educational message, such as a training video or webpage to help them identify and mitigate against that type of attack in the future.

  • How our phishing assessment reports provide insight about your organisation

    Monitoring: PGI will monitor and report on the following metrics throughout the exercise:

      • Opened phishing emails and potentially malicious links clicked / attachments downloaded.
      • Geographical location of the user opening the email to identify access in non-typical locations.
      • Out-of-date browsers and plugins, identifying potentially vulnerable users.
      • Users who are subject to phishing emails but have failed to complete follow-up training.
      • Reductions in the number of successful phishing emails.

    Reporting: At the end of the campaign, PGI’s security experts will generate a comprehensive report, which will provide an analysis of your current cyber risk profile.



  • Phishing assessment services package options

    Basic campaign  

    This package includes:

    • A pre-engagement scoping call: We take the time to understand your organisation’s risk profile and appetite so we can recommend an appropriate solution. For example, who the emails should target and the type of email used.
    • Campaign set up: We set up the campaign using existing email templates, landing pages and PGI’s generic phishing domain URL.
    • E-learning: Employees who click a malicious link and/or input their credentials will be provided with an e-learning module to help them identify phishing emails in future.
    • Campaign monitoring and reporting: We monitor the interactions with the campaign as it is happening and then produce a post-campaign report to help you understand the awareness level of your workforce.


    Tailored campaign  

    All elements of the Generic campaign, plus:

    • A custom domain: We buy a domain name to use in the campaign.
    • Customisable content: To better simulate a phishing email, our consultants can work with you to customise an existing template to fit the context of your organisation.


    Targeted campaign  

    All elements of the Generic campaign, plus:

    • A custom domain: We buy a domain name to use in the campaign.
    • Fully customised content: We work with you to develop content for emails and landing pages that is specific to your organisation, to show the breadth of the social engineering tactics threat actors use.
    • Employee credential audit: When an employee enters their credentials, we can record this so you can compare against best practice standards or your organisation’s internal password policy.

Why choose PGI?

  • Tailored assessments. We do not provide off-the-shelf phishing services; we provide a full spectrum of phishing vulnerability assessments, including end-to-end support.
  • We understand wider digital risk. We don’t just focus on phishing; we have experience helping clients understand and mitigate all forms of digital risk, so we can help you take a holistic approach to managing them.
  • Practical and affordable. Our solutions are affordable because they are proportionate and focused on our clients’ needs, not a blanket approach.
  • A flexible approach. We know the cyber threat is constantly evolving so our team work to your needs and business requirements.

Want to find out more?

Contact Us:

t: +44 20 4566 6600