Phishing Assessments

Protect your organisation from phishing by training your teams to identify what these attacks look like, and what actions to take, using safe simulated assessments.

Use simulated phishing assessments to raise awareness of what a real-life attack would look like, enabling your users to identify a suspicious email and apply security best practice, preventing an attacker from infiltrating your organisation’s network.

Strengthen your security posture

Our phishing simulation assessments offer a powerful way to verify that your organisation’s technical defences and processes are effective in preventing phishing attacks.

Build an army against the attackers

Your people are your first line of defence. Raise awareness of what a real-life attack would look like, enabling your users to identify a suspicious email and apply security best practice, preventing an attacker from infiltrating your organisation’s network.

Improve security awareness training

Phishing simulation attacks improve general awareness of security by allowing you to measure how effective your security training is and to identify areas or people that need additional training.

Our Phishing Assessment Service

A phishing simulation assessment provides an analysis of the resilience of your organisation’s internal user community to either a targeted (spear phishing) or a generic mass mail (phishing) attack. It’s a proven assessment of whether internal users are suitably aware of the types of attacks that commonly occur and of how to avoid becoming a victim of such an attack.

Phishing simulation assessments are a powerful way to not only measure the awareness of an organisation, but to reinforce key learning objectives.

The Rootshell Security team will run dedicated campaigns against your organisation to verify the technical defences that have been implemented and to determine whether additional training is required for staff.

It is very powerful when people click on a link and get instant feedback informing them they just fell victim to a test. It provides an opportunity to learn more about what phishing is and how they could have detected that this was a potential attack.

Indicators of Potential Phishing Attacks

A doppelganger domain is designed to trick users by mimicking a legitimate fully-qualified domain name (FQDN), for example by omitting the dot between subdomain and domain or by substituting numbers for letters, and is then used for malicious purposes.

Domain squatting (also known as cybersquatting) is defined as registering or using internet domain names in bad faith to profit from someone else’s trademark, and can target both major organisations and small businesses.

Attackers typically register one or more doppelganger domains as a precursor to a phishing attack. They rely on the similarity of the domain names to trick users, and the phishing emails are often accompanied by fake websites or portals (using the same or similar doppelganger domains) that trick users into entering sensitive information (such as credentials, personal bank details, etc.).

We will provide updates on our investigation into possible permutations of your domain name which have been registered with ‘A’ records (IP addresses) and ‘MX’ records (mail addresses) for the domain.
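A defender-side check for the indicators described above, added here as an illustration and not Rootshell's own tooling: it takes domains seen in DNS monitoring, flags those that collapse to a protected FQDN once look-alike digits are folded or dots are ignored, and records whether each has A or MX records. The `.example` names, the digit mapping, the record layout and all function names are assumptions made for the example.

```python
# Constructed example: triage observed domains against protected FQDNs.
DIGIT_FOLD = str.maketrans("013457", "oleast")  # assumed look-alike digit mapping

def fold(name):
    """Lower-case, drop the trailing root dot, map look-alike digits to letters."""
    return name.lower().rstrip(".").translate(DIGIT_FOLD)

def classify(candidate, protected, registered):
    """Return the trick used, or None if the candidate is legitimate or unrelated."""
    cand = candidate.lower().rstrip(".")
    if cand == registered or cand.endswith("." + registered):
        return None  # inside our own zone, so not a look-alike registration
    for fqdn in protected:
        if fold(cand) == fold(fqdn):
            return "digit-for-letter"
        # Same characters once dots are ignored: a dot was dropped or moved.
        if fold(cand).replace(".", "") == fold(fqdn).replace(".", ""):
            return "dot-placement"
    return None

def triage(observed, protected, registered):
    """observed maps domain -> {"A": [...], "MX": [...]} from DNS monitoring."""
    findings = []
    for domain, records in sorted(observed.items()):
        trick = classify(domain, protected, registered)
        if trick is None:
            continue
        findings.append({
            "domain": domain,
            "trick": trick,
            "has_a_record": bool(records.get("A")),    # could host a fake portal
            "has_mx_record": bool(records.get("MX")),  # could send or receive mail
        })
    return findings

# Constructed sample data (reserved .example names and documentation IP ranges).
PROTECTED = ["corp.example", "mail.corp.example"]
OBSERVED = {
    "mailcorp.example": {"A": ["192.0.2.10"], "MX": ["mx.mailcorp.example"]},
    "c0rp.example": {"A": ["198.51.100.7"], "MX": []},
    "ma1l.corp.example": {"A": ["192.0.2.20"], "MX": []},  # our own subdomain
    "unrelated.example": {"A": ["203.0.113.5"], "MX": ["mx.unrelated.example"]},
}

if __name__ == "__main__":
    for finding in triage(OBSERVED, PROTECTED, "corp.example"):
        print(finding)
```

A real deployment would derive the registrable domain from the Public Suffix List and feed `observed` from certificate transparency or passive DNS rather than a hand-built dictionary.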
