Phishing Tests

Phishing Test Charlotte, NC
 
Phishing Test email computer graphic
 
 

The largest growing threat to Network Security is Social Hacking or Social Engineering. Social Engineering Attacks cannot be stopped through security hardware and software. Only by being able to identify and properly react to the attacks can an organization and its users be protected. To this end, JSCM Group will perform two different Social Engineering Tests: Phishing and Vishing.

“Phishing” refers to a malicious attempt to gather information about an organization using emails to users on the network. Phishing attacks can cause significant damage to a network by exploiting social vulnerabilities to gather data on the organization’s confidential information.

An even bigger threat with phishing is a “Spear Phishing” attack.  With this tactic, an attacker will specifically target an individual or organization.  These attacks are even more dangerous, because the attacker will gather specific information about the individual or organization to make their attempt more believable.  These attacks can often go unnoticed, and can lead to significant loss of funds, or access into a network.


Nearly 1.5 million new phishing sites are created each month.
— Webroot Threat Report

There are two primary methods that an attacker will use in a spear phishing attack.  The first is that they will try to get the target to give over sensitive information, like a password.  This would allow them to then try and access systems on the network.  The second is that they would try to get the user to click on a link.  This link could allow them to acquire specific information about the target, such as the computer they were using.  The link could also allow them to install malicious content or a tracking file onto the target’s computer.

Phishing Email image
 
 

To ensure that your network is safe from such an attack, we will simulate a spear phishing attack against your organization.  This will be a controlled test, and no personal information will be gathered. 


PHISHING TESTING

Charlotte NC Phishing Report Process

Information Gathering

  • Perform Reconnaissance on Organization’s Information

  • Identify Individual to be Used as Sender


Test Setup

  • Create Individual Emails to Target Users to Gather Organization-Specific Information

    Or

  • Create Individual Emails to Target users to Click Link


Results Review

  • Identify Individuals that Failed Phishing Attempt

  • Calculate Failure Percentage


Phishing Test Failure Rate

Phishing Test Failure Rate infographic

 
 

Vishing Testing

A Voice Phishing, or Vishing Attack, is similar to a Phishing Attack in that it is targeting specific users in an organization to steal money or information. Our testers will work directly with you to create a list of users to target and to develop a script or scenario that we will perform to attempt to gather information from the user.


Information Gathering

  • Perform Reconnaissance on Organization’s Information

  • Identify Role Caller Will Have


Test Setup

  • Create Individual for Target Users


Results Review

  • Identify Individuals that Failed Vishing Attempt

  • Calculate Failure Percentage

 

Ready to get started?

Still have questions?  See our FAQ pages or give us a call.