E-Mail Phishing Assessment: Determining Alertness – Raising Employees’ Awareness

Phishing – Sending an E-Mail Phishing Campaign

It often only takes a couple of login details for an attacker to be able to penetrate a company's network. In addition to technical measures, the security awareness of employees is your most effective protection. To be able to grade the awareness of your employees and give them targeted training, SySS can carry out a simulation of a phishing attack precisely tailored to your company and then evaluate the results. We offer a set of pre-prepared scenarios for you to choose from or you can propose one of your own.

Example scenarios:

• New home office solution
• Receipt of an encrypted e-mail
• Prize draw
• Verification of employee details 
• Important update

All phishing websites are individually tailored to the customer's corporate design, to the extent that the scenario requires it. We offer phishing campaigns at different levels. E-mails and websites can contain several or virtually none of the typical telltale signs.

SySS offers three different kinds of e-mail phishing:

• E-mail with hyperlink
• E-mail with hyperlink and website for entering login details
• E-mail with malware attachment

We can also provide targeted training for the attack vectors used. On request, this training can be given online or in the form of a presentation at your premises.

Lessons Learned

From a phishing assessment, you can expect the following results:

• Statistics relating to the current awareness of employees
• Enhanced employee awareness
• Increased readiness for awareness measures
• Verification of processes

Project Scope

E-mail phishing assessments are carried out in the course of one or two weeks and usually involve the following project phases:

• Kickoff
• Registration of domains
• Design of a phishing campaign
• Review phase
• Distribution of the campaign to employees
• Evaluation of the results
• Documentation