Deceptive Emails to Assess Your Susceptibility to a Cyber-attack

A phishing assessment attempts to gain sensitive information or access from a target user through coercive emails. This method of engagement is particularly effective, as attackers can often leverage public information to craft compelling emails while impersonating someone trustworthy - perhaps even individuals within the target organization.

The primary concern with a well-organized phishing campaign is that attackers often use it as a stepping stone for broader attacks. Similarly, CSCC tailors each phishing assessment to your organization’s personnel and explores the full potential of a successful compromise with unparalleled depth, ending with a detailed social engineering report.

In either case, you will be made aware of security flaws before attackers can exploit them. With this powerful foresight, business leaders will feel prepared to make informed decisions about their enterprise’s security. In addition, when you demonstrate your newly hardened security posture, your clients, partners, and investors will feel confident in your ability to protect their assets as well.

What is Phishing?

Phishing is the act of sending malicious emails to a target. Usually, attackers accomplish this under the guise of a credible individual or organization. The attacker may go to great lengths to establish some degree of credibility and then prompt the target to surrender personal information such as passwords or PINs.

Despite being an older technique, phishing attacks continue to be very effective and remain a consistent threat to digital security.

Advanced Phishing Services

More Than Just an Automated Service

While many tools measure how many users click links, how do you know the real risk to your environment? We go beyond automated testing with a full attack simulation to identify the impact of social engineering.

Structured Social Engineering Methodology

Reconnaissance and Information Gathering

The collection of information is a critical stage of social engineering and often determines the success of the rest of the phishing assessment. Using a ‘black box’ approach, our security experts perform in-depth research to extract information on the target company.

Create Pretext Scenarios and Payloads

Once we have fully enumerated the target, the focus turns to crafting the payload. These specifics include identifying departments, user roles, and associated pretext scenarios. These details ensure each user is researched thoroughly for the most successful, targeted engagements.

Engage Targets

Using carefully structured tactics and pretexts, CSCC LABS security analysts engage employees via phishing emails. These emails often prompt the user to interact by clicking a link or downloading a malicious file. The emails and subsequent landing pages are crafted to appear authentic, often mimicking other sites and services.

Assessment Reporting and Debrief

After the campaign is complete and the results are aggregated, a final report is delivered, providing the executive summary and specific details. The report also includes a thorough breakdown of risk and remediation steps and documentation of successful phishing attempts. Training guides are also offered to help the client resolve the training and policy issues identified.

Optional: Employee Education

As an optional addition, CSCC LABS provides user training sessions for client employees. Whether hosted in a recorded online webinar or an in-house training session, CSCC LABS provides quality security awareness training by the same experts who performed the initial engagement.