Phishing training of employees

We plan and execute simulated phishing attacks to train your employees to detect and respond to malicious email attacks. Through advanced metrics, the organization can track risk behaviour of employees and departments and build cyber awareness.

Interested in phishing training of your employees?


Phishing training - Service Description

Our simulated phishing service allows you to get a hands-on understanding of your user and employee awareness of and vulnerability to phishing attacks against your organization.

As part of our service, we plan and execute simulated phishing attacks to train your employees to detect and respond to malicious email attacks. Through advanced metrics, the organization can track risk behaviour of employees and departments and build cyber awareness.

We make use of the same common tricks and techniques that are found in real phishing attacks performed by actual attackers, ranging from simple mass-appeal spam messages (such as invites over various forms of social media) to directed attacks mimicking internal communications using knowledge of your organization, field of business, and geographic location.

Will your employees think twice about following the advice of what they believe to be your IT department? Will they question an exciting opportunity for free tickets to the next local sports event?


What is Phishing?

Phishing is one of the most prominent attack vectors of modern hacking. There is no need to invest large amounts of time and resources to bypass security features, if you can get someone already on the inside to open the door for you.

Essentially, phishing refers to the act of tricking the recipient of an e-mail, a text message, or some other form of communication into clicking a link, opening a file, or through some other action disclosing sensitive information. Most often, this will expose the recipient’s device to malware, but it is also a quite common goal to have the recipient fill in credentials, share sensitive information, or perform some action (or transaction) for the benefit of the attacker.

Common Phishing Variations

Regular Phishing

A non- or semi-targeted attack against a large number of targets. Generally not very sophisticated, relying on the sheer quantity of recipients in the hope that at least some of them are tricked.

Spear Phishing

A more sophisticated attack against specific targets (organizations or even individuals), using knowledge of the target to craft the attack. These attacks often attempt to trick the recipient by posing as a legitimate and relevant source, which may be business partners, authorities within the target organization, government agencies or other sources that the recipient may genuinely expect to be contacted by.

Whale Phishing

An even more specific type of Spear Phishing, aimed at a single targeted individual. These types of attack require considerable preparation and careful crafting, given that there is only one recipient, and success is entirely dependent on this one target being fooled by the attack. A successful attack of this type can do tremendous damage if the attacker is then able to leverage the victim’s authority within the organization, or make use of their access to highly sensitive information and systems to perform follow-up attacks.

Common phishing techniques:

  • Posing as legal, financial, or governmental institutions to lend an air of authority

  • Implying an immediate need for action on the part of the recipient, such as by implying a time limit until loss of access to a system, that the recipient has been recently hacked, or that a lack of action will result in a heavy fine or legal action

  • Implying great financial gain if action is taken

  • Mimicking the visual design and mannerisms of well-known and widely used services, sending messages the recipient would expect from the services in question