Phishing Campaign

Bugsec Security Research TeamSecurity Awareness, Services



Phishing Campaign

Phishing Campaign




Phishing Campaign


The services BugSec offers in the security awareness division are meant to increase awareness of all levels of an organization’s workforce, whether they are developers, IT and/or security people, but also general employees that are not involved in security at all. We train them to increase their awareness and think of potential threats in every aspect of their day-to-day activities in the organization.

BugSec has developed the Phishing Campaign Service in order to create/increase security awareness within an organization’s personnel. Phishing is usually performed through an imposter sending messages or e-mails under the name of someone familiar, or by sending links with leads to a fake site, where the user is required to enter his/her user name and password, or any other sensitive data, such as credit card number, etc.

As part of a phishing campaign, BugSec sends a personalized email to the organization’s users, in accordance with a specific prior request made by the organization’s management, with the purpose of manipulating the employee to download a file or submit credential details and sensitive information.

We strongly advise on performing the phishing campaign several times to observe the improvement in awareness levels amongst employees.

After the campaign itself, BugSec prepares and provides a report that summarizes the performed activities. In addition, the customer can get statistics, as well as a full mapping, of the actions of the workers. This in itself can help organizations assess the success of the campaign and can be used as a tool to increase awareness amongst their employees in case of future phishing campaigns.


RELATED SERVICES



Back To Core Services

Phishing is an attempt of a foreign entity pretending to be a legitimate entity, with its main goal to extract sensitive information such as passwords, user-names or financial data from an organization.

Phishing is usually performed through an imposter sending messages or e-mails under the name of someone familiar, or by sending links with leads to a fake site, where the user is required to enter his/her user name and password, or any other sensitive data, such as credit card number, etc.

BugSec has developed the Phishing Campaign Service in order to create/increase security awareness within an organization’s personnel.
This service is generally carried out from within the organization, I order to circumvent protection systems, but if requested, we can also perform the service remotely.

As part of a phishing campaign, BugSec sends a personalized email to the organization’s users, in accordance with a specific prior request made by the organization’s management, with the purpose of directing the users to a fake website and ask them to enter sensitive details.

After the campaign itself, BugSec prepares and provides a presentation that summarizes the performed activities and includes examples, screenshots and more.
In addition, the customer can get statistics, as well as a full mapping, of the actions of the workers. This in itself can help organizations assess the success of the campaign and can be used as a tool to increase awareness amongst their employees in case of future phishing campaigns.

The scope of phishing campaigns is as follows:
– Together with the management of the organization, we set goals for the campaign and define an email template
– Once everything is defined, we obtain de list of all the employees mail addresses
– BugSec designs the email and sends it to the full list of employees
– BugSec gathers and processes the information received from the campaign
– BugSec prepares a detailed report and presentation and sends them to the customer

We can repeat a phishing campaign up to three times in order to see the change in awareness of the employees, which will be shown in the statistics.



WANT TO WORK WITH US?


Let’s Talk