Exposing the phishing scenarios used by hackers

Phishing is still as prevalent as ever and the sophisticated tactics cyber criminals use pose significant risks to organisations.

Our ethical phishing service can highlight some common phishing email scenarios that could be encountered by a company’s employees. It’s essential to recognise the tactics used by phishing scammers, attackers will often tailor-make emails using well known logos, branding, and domains or they may employ generic techniques to target a large number of potential victims simultaneously.

Our ethical phishing service encompass a wide array of scenarios, ranging from seemingly harmless workplace surveys to more sinister ransomware attacks. Here are some of our ethical phishing scenarios we offer as a service to clients:

1. Workplace survey asking employees to log in to submit their feedback.
2. Quarantined email notification, employees have to log in to release the email.
3. Email from HR asking employees to log in and update their emergency contact information.
4. Recruitment Scam – e.g. please visit the ‘job market’ for the latest opportunities in Engineering/Development and such.
5. VPN access – Request for people to update/review/create their VPN credentials.
6. A Microsoft Teams voicemail notification that employees must log in to listen/download.
7. Email from IT asking users to change their password due to annual requirements or a change in the password policy.
8. Recent password leak requires a password reset.
9. Ransomware attack – asking the victim to pay in order to retrieve stolen data.
10. Seasonal offers for colleagues (Christmas, Easter, holiday packages, theme park tickets, money off flights etc).
11. Imitating a health insurance company offering deals.
12. Email from IT – a core piece of software used by your company is outdated and needs updating.

These scenarios are run in campaigns to test your organisation’s defences, identify potential data leaks, highlight weaknesses in human behaviour, and enhance employee cyber awareness. We can also set up bespoke scenarios.

Our campaigns can also be run in conjunction with our cyber security awareness training for effective employee learning. As well as within our red teaming exercises to identify weaknesses in your organisations cyber and physical defences.