If a business is breached, there is a strong likelihood that the breach started with a phishing attack. Phishing scams are fraudulent attempts to acquire sensitive information such as credit card details, usernames and passwords. Pretending to be a trusted source through digital communications, typically email, scammers will convince people into submitting information, downloading malware and more usually with the aim of monetary gain.Get Instant Online Quote
At OnSecurity, we provide a phishing simulation service which is a phishing test that is designed to improve awareness of phishing scams across your organisation.
With a phishing test, simulated phishing emails are sent to staff across your organisation. The emails act like real phishing emails to get your employees to click links, enter passwords and other actions often requested by phishing emails. The purpose of the test is that staff can make mistakes and fall for simulated phishing emails and learn from their mistakes in a safe environment without the drastic consequences of a real phishing scam.
Phishing scams can be extremely damaging to individuals and your business so your staff must stay vigilant and aware of the latest phishing scams. Due to this, we can send emails either annually or periodically throughout the year, to maintain constant awareness of the threat of phishing scams.
We also offer 'spear-phishing', which is a phishing attack targeted at high-value targets like C-level execs, or executive PAs and other people high up in within your organisation. These high-value targets need to be particularly wary of scams as they often have access to the most sensitive information which poses to be the biggest risk to your business if it is stolen.
Phishing scams are unique in that the weakest link in your security when it comes to them is not passwords, firewalls or outdated software but the people within your company. A phishing test will;
Basic phishing campaigns will send a specially crafted phishing email to an email or emails of your choice. This specially crafted email will contain a tracker and a link to a blank website. Once emails are issued to the target emails OnSecurity will then log whether the recipients;
We will then generate a full report detailing which users opened the email and followed the web link.
Intermediate Level Phishing
Intermediate phishing campaign will again send a specially crafted phishing email with a tracker and a link to a website. However in this instance the website will be a specially crafted page simulating a legitimate service, such as a user login area or data entry area. Once emails are issued to the target emailsOnSecurity will then log whether the recipients;
We will then generate a full report detailing which users opened the email, followed the web link andentered any data in the website.
Advanced email phishing service will be a more targeted attack against specific individuals/emails. The advanced phishing emails will contain:
The aim of this test is to obtain remote code execution access on the targets and thus indicating full compromise of the victims device.
Once this access is obtained OnSecurity will inform the client and await further guidance on whether they use this access to further target the corporate network.
CREST Registered - CREST Certified
OnSecurity is a CREST (Council of Registered Ethical Security Testers) approved vendor. This means that all our test methodologies, processes, policies and procedures have been externally vetted by CREST to ensure we are operating to the highest standards possible in the pentesting industry.
On top of this the majority of our testers are CREST certified, meaning they have been through a CREST assault course (or CREST-recognised equivalent) to ensure they have the requisite skills needed to find and exploit vulnerabilities in a safe and controlled manner.
This external validation means you can be confident your pentests are being carried out to the highest standard, by vetted and tested consultants, who use a best-in-class manual-first approach to testing.
Make sure hackers can’t steal data via your main web app, and protect your app users.Read More
Make sure your deployments are secure - including AWS, Azure and GCP.Read More
Test to see how your external IT perimeter would hold up against intruders.Read More
See what hackers can do once they are inside your network.Read More
Office blocks, factories and power plants - if it has a door we can test it.Read More