What is it about?
Being affected by phishing, whether mass or targeted (spear phishing) is an increasingly common occurrence:, any organisation can be affected, and any user workstation controlled, through a request, or even simply by sending links or attachments.
Needless to say, being able to obtain credentials from a victim is of extreme value to any attacker, given the tendency of users to reuse the same passwords on various personal and business accounts. At the risk of extending the available attack area (e.g. by allowing access via SSL VPN or corporate Wi-Fi).
CryptoNet Labs offers a comprehensive phishing campaign simulation service to assess user sensitivity and responsiveness. The basic mechanism is the sending of a misleading and convincing message, which causes the recipient to click on links or open attachments (properly prepared, and completely harmless). In this way, users are “hooked” to the test platform. Technological countermeasures as well as the results obtained, and all the appropriate statistics, are then measured.
The campaign can be modulated on different levels of intrusiveness (just click, enter credentials or open attachments); target and content are agreed with the customer.
In addition to email, other attack vectors with which users interact daily can be tested, such as USB devices or public Wi-Fi connections.
Who can benefit from it
Medium or large companies, interested in working on the “human factor”, the weak link in security, especially where critical or sensitive data is processed. It can also be part of awareness campaigns for users where required (e.g. GDPR), or training in security awareness.