Phishing Simulation

If a business is breached, there is a strong likelihood that the breach started with a phishing attack. Phishing scams are fraudulent attempts to acquire sensitive information such as credit card details, usernames and passwords. Pretending to be a trusted source through digital communications, typically email, scammers will convince people to submit information, download malware and more, usually with the aim of monetary gain.

What is a Phishing Simulation Service?

Phishing scams are fraudulent attempts to acquire sensitive information such as credit card details, usernames and passwords. Pretending to be a trusted source through digital communications, typically emails, scammers will convince people to submit information, download malware, and more, usually for monetary gain.

With a phishing test, simulated phishing emails are sent to staff across your organisation. The emails behave like phishing emails, prompting your employees to click links, enter passwords and perform other actions that phishing emails often request. The purpose of the test is to let staff make mistakes, fall for simulated phishing emails, and learn from those mistakes in a safe environment, without the drastic consequences of a phishing scam.

What are the benefits of a Phishing Simulation Service?

Phishing scams can be extremely damaging to individuals and your business. Your staff must stay vigilant and aware of the latest phishing scams. Due to this, we can send emails annually or periodically throughout the year to maintain constant awareness of the threat of phishing scams.

We also offer 'spear-phishing', a phishing attack targeted at high-value targets like C-level execs, executive PAs and other people high up within your organisation. These high-value targets must be particularly wary of scams as they often have access to the most sensitive information. They pose the most significant risk to your business's cyber security.

Phishing scams are unique in that the weakest link in your security against them is not passwords, firewalls or outdated software but the people within your company.

A phishing test will:

  • Assist your team in learning to identify, avoid and report phishing emails
  • Increase awareness of phishing emails and scams

Basic Campaigns

Basic phishing campaigns will send a specially crafted phishing email to an email address or addresses of your choice. This specially crafted email will contain a tracker and a link to a blank website.

Once the emails have been issued to the target addresses, OnSecurity will log whether the recipients:

  • Open the email
  • Follow the web link in the email to the blank website


We will then generate a full report detailing which users opened the email and followed the web link.

Intermediate Campaigns

Intermediate phishing campaigns will again send a specially crafted phishing email with a tracker and a link to a website. However, in this instance, the website will be a specially crafted page simulating a legitimate service, such as a user login or data entry area.

Once the emails have been issued to the target addresses, OnSecurity will log whether the recipients:

  • Open the email
  • Follow the web link in the email
  • Enter any credentials or data into the specially crafted website


We will then generate a full report detailing which users opened the email, followed the web link and entered any data on the website.

Are you CREST Certified?

OnSecurity is a CREST (Council of Registered Ethical Security Testers) approved vendor. This means that all our test methodologies, processes, policies and procedures have been externally vetted by CREST to ensure we are operating to the highest standards possible in the pentesting industry.

On top of this, the majority of our testers are CREST certified, meaning they have been through a CREST assault course (or CREST-recognised equivalent) to ensure they have the requisite skills needed to find and exploit vulnerabilities in a safe and controlled manner.

This external validation means you can be confident your pentests are being carried out to the highest standard, by vetted and tested consultants, who use a best-in-class manual-first approach to testing.

Spear Phishing

The advanced email phishing service is a more targeted attack against specific individuals/emails.

The advanced phishing emails will contain:

  • Malicious payloads or links to OnSecurity websites hosting malicious payloads


This test aims to obtain remote code execution access on the targets and thus indicate full compromise of the victim's device.

Once this access is obtained, OnSecurity will inform the client and await further guidance on whether to use this access to target the corporate network further.

Get an Instant Phishing Test Quote

Do you have a budget and want to know how much a specific pen test would cost? Try out our instant quote generator and get the ball rolling.

© 2022 ONSECURITY TECHNOLOGY LIMITED (company registered in England and Wales. Registered number: 14184026 Registered office: Floor T, Castlemead, Lower Castle Street, Bristol, England, BS1 3AG). All rights reserved.