A customized phishing campaign
> Turn your users into contributors to IS protection and test their reaction to an attack attempt.
> Accustom users to suspicious emails, who will learn by example how to detect them and develop reflexes that will help you protect yourself from attacks.
> Measure the current level of awareness of employees to information systems security, and increase their level of vigilance.
The SOC CWATCH ensures the following phases
Preparation of the campaign
> Definition of the target population
> Technical preparation
> Creation of the scenario
Execution of the campaign
> Launch of the campaign in accordance with the established schedule
> Follow-up and support during the campaign
Restitution of the campaign
> Consolidated results of the campaign
> Analysis of the results and proposal of areas for improvement
Examples of customized campaigns
To support the morale of employees, your Management offers them to win watches produced with a partner (or other object that makes sense to your business)
An internal survey aims to identify the problems and difficulties related to employees’ teleworking conditions
HRIS software data leak
Communication to users about an incident that led to the leak of employee data from HRIS software
Internal communication relating to Covid-19
Internal press release to inform of the newmeasures adopted by your companyto ensure the survivalof the group and limitthe economic impact of the crisis
Credibility of the campaign
> Adaptation of the scenario to your activity
> Use or mention of relevant contacts
> Use of a custom domain name
> Personalization of the home page (logo, etc.)
1. Receipt of a personalized phishing email inviting you to connect to a website
2. Opening of the link to a home page with an authentication form
1st indicator: link opening rate
3. Entering connection information
2nd indicator: login data entry rate
4. If the victim fills out and submits the form, an error page is displayed
The information entered is not retained
Our detailed approach
- Kick-off meeting (remotely).
- Explain the approach.
- Validate the objectives, the target populations, the messages and the associated scenarios.
- Define the organization.
- Set up the configurations.
- Determine the content of the synthesis.
- Agree on the elements to be transmitted and the communication channels.
- Establish the project schedule.
> Planned work
- The message and its content.
- A broadcast address and the domain name dedicated to the campaigns.
- The attack scenario.
- Minutes of the scoping meeting.
- Technical information to whitelist our systems.
- Trigger the phishing campaign according to the scenario and schedule established in the preparation phase, from the Almond phishing platform.
- The sending rate is limited to approximately 2000 recipients per burst to avoid interference from operators / hosts.
> Planned work
- Ensure the smooth running of the campaign.
- Make any necessary adjustments in the messages as soon as possible.
- Track the evolution of statistics.
- Alert the customer in the event of an unexpected event.
- Monitor the behavior of (registered) recipients, in order to form the basis of the final dashboards.
> Working method
- Weekly call to follow up on the campaign.
- Restitution meeting (remote).
- Evaluate the employees’ level of awareness of phishing attacks.
- Advise the client on the definition of his own objectives to be reached.
> Planned work
- Analyze the results of the campaign and establish a comparison with the values generally observed.
- Produce recommendations to the client for the definition of the objectives to be reached.
- Presentation with the analysis, the recommendations and the dashboard.
- Export of raw data.
- Restitution of the control of the personalized domains used.