Phishing simulations for medium and large companies
Measuring, sensitizing and training in one
More than just a phishing tool
What you can expect from us regarding phishing
Together with you we define the goals of the phishing simulation.
- Who do you want to test? All employees or only certain groups? Regions? departments?
- How often do you want to run the tests? Monthly? Quarterly? Annually?
- What granularity do you expect from the reports? At departmental level? Or per country?
- How many resources / know-how do you have in-house?
- How much personal contribution do you want to make?
We advise you on the technical and legal advantages and disadvantages of in-house operation versus cloud service and work out a viable concept with you within a few hours.
In the second step, we suggest the most suitable tool for your needs, according to the conceptual parameters. We ourselves mostly phish with the open-source software GoPhish. This software is suitable for classic phishing simulations, e.g. click link, enter password, or execute attachment and covers the typical requirements for 2 - 5 phishing simulations per year.
Whether you want to buy and operate a phishing tool yourself or get a "full service" from us in the cloud: our offer is designed according to your needs and your resources.
Tool selectionA fool with a tool is still a fool
Grady Booch, Software Engineer
We then jointly select suitable scenarios. You can choose from our numerous best practice scenarios or order the creation of individual scenarios. We adapt the phishing e-mail, the landing page and the resolution page visually and in terms of content to your company and target groups.
And we make sure that the scenarios are realistic, consistent and yet recognizable... otherwise you might create exactly the opposite of what you actually wanted with phishing simulations.
We ensure that the phishing campaign is integrated into your existing or planned awareness communication in the best possible way.
After all, you can use phishing simulations for much more than just phishing training. Don't let this momentum go to waste.
If you would like us to provide the phishing simulations as a service, the technical implementation now begins. We create a dedicated phishing server including the phishing simulation software. We integrate the agreed scenarios, register the required domains and test the technical functionality. You only have to make sure once that the IP address is not blocked ("whitelisting") and that the e-mails are accepted and delivered by your e-mail server.
We send the e-mails to the defined target groups at the agreed times and monitor the process.
Depending on the agreement, you will receive a (often anonymous) report on the "success" of the measures: How many e-mails were sent, how many were opened, how many people clicked, how much data was entered. If desired, additional filters (country, region, department) can be defined.