Phishing Vulnerability Assessment


What is Phishing?


Phishing occurs when a scammer tries to trick people into giving away their own or their organisation’s confidential information, such as passwords, credit and bank card account details, and financial information.

They do this by pretending to be a legitimate contact and convincing a target to open a spam email, click on a dangerous link or go to a fake website.

When targeting a business, the scammer collects information about how an organisation’s emails are presented and structured to make them look as authentic and believable as possible. Often the attacker will pretend to be a CEO or senior executive and send messages to employees further down the management chain asking them to transfer money or sensitive data.

Phishing of employees and malicious attachments sent in email messages are still the main cause of data breaches, despite warnings. It is estimated that 156 million phishing emails are sent every day. Of these, 16 million manage to get through email filters, and 8 million are opened by unaware staff.

 

Why Phishing Campaigns should be top of your priority list



There can be subtle clues in the messaging that, when looked out for, are obvious to the recipient. Unfortunately, many targets are not aware of these or are too busy to notice them. Significant criminal gains can be made by targeting the big fish at the top, which is why whaling is so popular.


The scammer relies on the natural desire to impress senior managers and uses this behaviour to their advantage. Often an employee will want to comply with a request made by the ‘CEO’, no matter how odd that request may be.


No matter how secure your company’s networks are, they will still be vulnerable to human weakness. With phishing attacks being the most common form of cyber-attack, you and your employees need to know what to look out for when a potentially dangerous email lands in an inbox.

Our Phishing Capability Assessment Process


It is crucial that a workforce understands how it could be targeted, as well as knowing what to do if employees receive a suspicious email.

With this in mind, PGI has developed a phishing capability assessment with the purpose of measuring the current cyber awareness of the workforce, and delivering targeted training to reduce the organisation’s risk of exposure to this type of attack.


The Solution

PGI will conduct a bespoke test e-mail phishing campaign, tailored to your organisation, based on:

  • open source research
  • our knowledge of your organisation
  • the latest attacks targeted at your industry

This campaign can be carried out over a 4-week period with multiple e-mails.

Throughout the campaign, the realism of these emails and the domain names used will vary to replicate the different levels of ability and skill shown by attackers.

Upon failing to identify a phishing email, staff will be presented with a short educational message, such as a training video or webpage, to help them identify and mitigate this type of attack in future.

Metrics and Follow-up

PGI will actively monitor and report on the following metrics throughout the exercise:

  • Opened phishing emails, and potentially malicious links clicked/attachments downloaded.
  • Geographical location of the user opening the email to identify access in non-typical locations.
  • Out-of-date browsers and plugins, identifying potentially vulnerable users.
  • Network endpoints vulnerable to data-exfiltration and firewall misconfiguration.
  • Users who are subject to phishing emails but have failed to complete follow-up training.
  • Reductions in the number of successful phishing emails.

At the end of the campaign, PGI’s security experts will generate a comprehensive report based on the above which will provide an analysis of current cyber maturity, and produce recommendations to increase this.

By understanding your organisation’s security posture, you can make informed decisions on effective investment in education and technology, as well as improving your organisation’s level of security and awareness.


Product & Pricing


Price Inclusive
Starting at £499*
For our most basic package based on small businesses

  • Fully managed week-long campaign
  • Bespoke customised template
  • Comprehensive Report

Recommendations for Phishing


Products & Resources


It is crucial that a workforce understands how it could be targeted by phishing, as well as knowing how to prevent it from happening. Here are a few resources and products that could help keep you cautious.

Articles


PGI experts are highly knowledgeable in phishing. Below are a few informative articles to ensure you are prepared in case a phishing email ends up in your mailbox.

Want to purchase or need more information? Why not speak to one of our experts.


Choose a day and time and one of our team will be in touch.
Alternatively, call us on +44 (0)207 887 2699 or email us at clientservices@pgitl.com

©2017 PGI - Protection Group International Ltd. All rights reserved.
PGI - Protection Group International Ltd is registered in England & Wales, reg. no. 07967865
Registered address: Cascades 1, 1190 Park Avenue, Aztec W, Almondsbury, Bristol BS32 4FP