Phishing simulation

How susceptible are you to phishing? Try a simulated phishing attack and find out.

Cognisys can perform phishing simulation to determine the susceptibility of your people to this type of cyber risk.

Working with you to devise a range of scenarios, we will build a series of personalised phishing emails to target specific groups within your organisation.

Typically, the emails will invite recipients to take certain actions, such as giving away sensitive information or downloading malicious payloads allowing unauthorised access to your environment.

Sophisticated to simple phishing tests are carried out to determine the security awareness of your employees and understand the strength of your security culture.

Phishing, spear-phishing and whaling

The dark web is made up of digital communities that sit underneath the internet. While there are legitimate purposes, it is estimated that over 50% of this type of site is used for criminal activities.

Sometimes referred to as the ‘underbelly of the internet,’ the dark web is a shrouded area, hidden from search engines and only accessible with a specialised web browser. It also masks IP addresses, which essentially allows fraudsters to operate undetected to commit crimes, including identity theft.

Take the right mitigation steps

There is no single solution that can protect against all possible attack vectors. However, you can take steps to mitigate the most common forms of attack. Statistically, these attacks are most likely to leverage passwords compromised on the dark web or leaked due to human error, often a result of phishing attacks or a lack of awareness around security best practices.

Phishing simulation process

  • Creation of easy, medium and difficult templates, so as to scale training
  • Identify existing security awareness
  • Training can be built-in to landing pages

The goal of a simulated phishing attack is to trick an individual into disclosing personal or corporate information through social engineering, email spoofing and content spoofing efforts.

For example, we may send the victim an email that appears to be from a trusted source, including links back to a customised malicious website that has been created especially for the attack.

Our emails and websites can be highly personalised and customised, incorporating the target’s name, job title or other relevant information.

Cognisys presents its findings in a comprehensive yet simple report format. This typically comprises of an executive summary, methodology, technical findings, and prioritised recommendations for remediation.

  • Understand how to better defend your organisation using a layered defence approach.
  • Provide cyber security awareness training for your employees.
  • Build an effective cyber threat reporting culture, with a ‘no-blame’ approach for maximum uptake, throughout your organisation.

Discover how we’ve helped leading organisations

READ OUR CASE STUDIES

RECENT UPDATES

BLOG

How to protect against AiTM/Evilginx phishing attacks

A deep dive into the Attacker-in-the-Middle (AiTM) threat, spotlighting EvilGinx2. Discover how to protect against phishing and thwart AiTM attacks with essential strategies.

TIPS

What is attack path management?

In a world where identities are the new security perimeter, compromising identity platforms like AD and AAD provides the greatest payoff for attackers, ultimately giving them control of all users, systems and data within the organisation.

TIPS

.ZIP domain registration: A risky gateway to nefarious outcomes

In the ever-evolving world of cybersecurity, understanding emerging threats is critical to maintaining a robust defence. One trend currently attracting attention is the registration of .ZIP domains.

Let’s make things happen

Fill in the form and one of our team will be in touch for a no-obligation discussion or quote regarding your requirements.

info@cognisys.co.uk
Leeds office

5 Park Place
Leeds
LS1 2RU

info@cognisys.co.uk
Manchester office

The Sharp Project
Thorpe Road
Manchester
M40 5BJ

LET’S TALK