Phishing attack perpetrators target employees by convincing them to give up confidential credentials and then use these credentials to gain access to an organization’s network. Our team will conduct simulated phishing attacks by sending emails appearing to come from a legitimate source in an attempt to collect credentials from employees (i.e. requesting to verify user names or passwords or other sensitive credentials). The carefully designed phishing emails come from fake addresses and are formatted with professional logos and graphics to appear genuine to the recipients as if coming from a legitimate source such as a business partner. They are targeted to employees or executives with access to critical systems or confidential information (such as personally identifiable information or PII).

Conducting phishing exercises helps to reduce the risk and exposure to some of these attacks and helps to determine the effectiveness of the security training and awareness program.

Social engineering exercises also help an organization test the effectiveness of its policies and procedures.