Measuring, sensitizing and training in one
More than just a phishing tool:
What you can expect from us regarding phishing
Together with you we define the goals of the phishing simulation.
- Who do you want to test? All employees or only certain groups? Regions? departments?
- How often do you want to run the tests? Monthly? Quarterly? Annually?
- What granularity do you expect from the reports? At departmental level? Or per country?
- How many resources / know-how do you have in-house?
- How much personal contribution do you want to make?
We advise you on the technical and legal advantages and disadvantages of in-house operation versus cloud service and work out a viable concept with you within a few hours.
In the second step, we propose the tool best suited to your needs according to the conceptual parameters. Our spectrum ranges from free open source software (GoPhish) to extremely powerful simulation and awareness solutions, for example from our partner Lucy Security.
Whether you want to buy this tool yourself or obtain it from us, whether you want to operate it yourself or obtain it as a "full service" from the cloud: our offer is designed to meet your needs and resources.
Tool selectionA fool with a tool is still a fool
We then jointly select suitable scenarios. You can choose from our numerous best practice scenarios or order the creation of individual scenarios. We adapt the phishing e-mail, the landing page and the resolution page visually and in terms of content to your company and target groups.
And we make sure that the scenarios are realistic, consistent and yet recognizable... otherwise you might create exactly the opposite of what you actually wanted with phishing simulations.
If you would like us to provide the phishing simulations as a service, the technical implementation now begins. We create a dedicated phishing server including the phishing simulation software. We integrate the agreed scenarios, register the required domains and test the technical functionality. You only have to make sure once that the IP address is not blocked ("whitelisting") and that the e-mails are accepted and delivered by your e-mail server.
We send the e-mails to the defined target groups at the agreed times and monitor the process.
Depending on the agreement, you will receive a (often anonymous) report on the "success" of the measures: How many e-mails were sent, how many were opened, how many people clicked, how much data was entered. If desired, additional filters (country, region, department) can be defined.