Phishing simulations for medium and large companies

Measuring, sensitizing and training in one

This video will be loaded from YouTube while playing. By clicking here you accept the data protection declaration of HVS Consulting / IS-FOX and YouTube.

Our philosophy

We are not a phishing tool provider, we are a security awareness provider.

There are now numerous phishing simulation software providers. They all claim to be the best and if you use their software, you have everything you need. This may be true for smaller companies with up to 200 users, but we see it differently for medium-sized and large companies. Security awareness is much more than a phishing email and a subsequent learning nugget.

  • If you are looking for a fully automated phishing simulation solution that phishes your users with standard scenarios and trains them with standard awareness material, then we are pretty much not the right provider.
  • If you see phishing as part of a holistic awareness campaign (integrated into other measures such as individual e-learning, webinars, events, newsletters, intranet portal, key visuals, etc.) and if you want to run individual phishing campaigns tailored to your company, then let's talk 😊.

By no means do we want to disparage phishing simulation software. Indeed, we use it ourselves. We are just convinced that, especially for larger companies (2,000 employees or more), security awareness is not done with just one tool. Of course, this also applies to smaller companies, but for 10 - 200 users, an individual approach is simply too expensive. Here, the phishing/awareness tools are certainly a suitable solution.

More than just a phishing tool

What you can expect from us regarding phishing

Step 1

Consulting

Together with you we define the goals of the phishing simulation.

  • Who do you want to test? All employees or only certain groups? Regions? departments?
  • How often do you want to run the tests? Monthly? Quarterly? Annually?
  • What granularity do you expect from the reports? At departmental level? Or per country?
  • How many resources / know-how do you have in-house?
  • How much personal contribution do you want to make?

We advise you on the technical and legal advantages and disadvantages of in-house operation versus cloud service and work out a viable concept with you within a few hours.

Step 1

Consulting


< >
Step 2

Tool selection

In the second step, we suggest the most suitable tool for your needs, according to the conceptual parameters. We ourselves mostly phish with the open-source software GoPhish. This software is suitable for classic phishing simulations, e.g. click link, enter password, or execute attachment and covers the typical requirements for 2 - 5 phishing simulations per year.

Whether you want to buy and operate a phishing tool yourself or get a "full service" from us in the cloud: our offer is designed according to your needs and your resources.

Step 2

Tool selection

A fool with a tool is still a fool
Unknown author
< >
Step 3

Scenario selection

We then jointly select suitable scenarios. You can choose from our numerous best practice scenarios or order the creation of individual scenarios. We adapt the phishing e-mail, the landing page and the resolution page visually and in terms of content to your company and target groups.

And we make sure that the scenarios are realistic, consistent and yet recognizable... otherwise you might create exactly the opposite of what you actually wanted with phishing simulations.

Step 3

Scenario selection


< >
Step 4

Campaign integration

We ensure that the phishing campaign is integrated into your existing or planned awareness communication in the best possible way.

After all, you can use phishing simulations for much more than just phishing training. Don't let this momentum go to waste. 

Step 4

Campaign integration


< >
Step 5

Execution

If you would like us to provide the phishing simulations as a service, the technical implementation now begins. We create a dedicated phishing server including the phishing simulation software. We integrate the agreed scenarios, register the required domains and test the technical functionality. You only have to make sure once that the IP address is not blocked ("whitelisting") and that the e-mails are accepted and delivered by your e-mail server.

We send the e-mails to the defined target groups at the agreed times and monitor the process.

Depending on the agreement, you will receive a (often anonymous) report on the "success" of the measures: How many e-mails were sent, how many were opened, how many people clicked, how much data was entered. If desired, additional filters (country, region, department) can be defined.

Step 5

Execution


< >