Phishing attacks are often the starting point of a breach in business security. OnSecurity's phishing simulation services are phishing tests expertly designed to improve awareness of phishing scams across your organisation. Get your anti-phishing simulation and awareness quote today.Get Instant Online Quote
Phishing scams are fraudulent attempts to acquire sensitive information such as credit card details, usernames and passwords. Pretending to be a trusted source through digital communications, typically emails, scammers will convince people to submit information, download malware, and more, usually for monetary gain.
With a phishing test, simulated phishing emails get sent to staff across your organisation. The emails act like phishing emails to get your employees to click links, enter passwords and perform other actions often requested by phishing emails. The test's purpose is that staff can make mistakes, fall for simulated phishing emails, and learn from their mistakes in a safe environment without the drastic consequences of a phishing scam.
Phishing scams can be extremely damaging to individuals and your business. Your staff must stay vigilant and aware of the latest phishing scams. Due to this, we can send emails annually or periodically throughout the year to maintain constant awareness of the threat of phishing scams.
We also offer 'spear-phishing', a phishing attack targeted at high-value targets like C-level execs, executive PAs and other people high up within your organisation. These high-value targets must be particularly wary of scams as they often have access to the most sensitive information. They pose the most significant risk to your business's cyber security.
Phishing scams are unique in that the weakest link in your security when it comes to them is not passwords, firewalls or outdated software but the people within your company. A phishing test will;
Basic phishing campaigns will send a specially crafted phishing email to an email or emails of your choice. This specially crafted email will contain a tracker and a link to a blank website. Once emails are issued to the target emails, OnSecurity will then log whether the recipients;
We will then generate a full report detailing which users opened the email and followed the web link.
Intermediate Level Phishing
Intermediate phishing campaign will again send a specially crafted phishing email with a tracker and a link to a website. However, in this instance, the website will be a specially crafted page simulating a legitimate service, such as a user login or data entry area. Once emails are issued to the target emailsOnSecurity will then log whether the recipients;
We will then generate a full report detailing which users opened the email, followed the web link and entered any data on the website.
Advanced email phishing service will be a more targeted attack against specific individuals/emails. The advanced phishing emails will contain:
This test aims to obtain remote code execution access on the targets and thus indicate full compromise of the victim's device.
Once this access is obtained, OnSecurity will inform the client and await further guidance on whether to use this access to target the corporate network further.
CREST Registered - CREST Certified
OnSecurity is a CREST (Council of Registered Ethical Security Testers) approved vendor. This means that CREST has externally vetted all our test methodologies, processes, policies and procedures to ensure we are operating to the highest standards possible in the pentesting industry.
On top of this, most of our testers are CREST certified, meaning they have been through a CREST assault course (or CREST-recognised equivalent) to ensure they have the requisite skills needed to find and exploit vulnerabilities in a safe and controlled manner.
This external validation means you can be confident your pentests are being carried out to the highest standard by vetted and tested consultants who use a best-in-class manual-first approach to testing.
Make sure hackers can’t steal data via your main web app, and protect your app users.Read More
Make sure your deployments are secure - including AWS, Azure and GCP.Read More
Test to see how your external IT perimeter would hold up against intruders.Read More
See what hackers can do once they are inside your network.Read More
Office blocks, factories and power plants - if it has a door we can test it.Read More
Need A Hand?