Banner Insentis Portfolio IT Security

Security Awareness

However good the technical measures are, the human factor remains the greatest risk to information security in a company. To address this problem, we develop a comprehensive awareness concept for you:

  • Training & Awareness Workshops for end users and technical staff
  • Phishing Campaign & Attack Simulation
  • Red Teaming & Social Engineering
  • Awareness Tools
  • Design & implementation of awareness platforms
  • Awareness Communication
  • Management Awareness

Spear-Phishing Campaign

An attacker uses a phishing attack to obtain user names and passwords, which can then be used to penetrate the systems further. Users and employees are asked by e-mail, for example, to click a link in the message, which leads to a web page on which the user must log in. If users disclose their login information there, it is immediately forwarded to the attacker. In the context of a security assessment, the results of a phishing attack indicate both the level of user awareness and the effectiveness of the technical security measures meant to make this type of attack more difficult.

The phases of implementation are as follows:

  • Phase 1 – Information gathering
    • E-mail addresses by means of Open Source Intelligence (OSINT) via LinkedIn, XING, etc.
    • Layout/corporate design, current company events, e.g. as a background story
    • Darknet research including information sources commonly used by attackers
  • Phase 2 – Selection of a suitable phishing scenario
  • Phase 3 – Creation of the phishing domains, email recipient list and individual phishing website
  • Phase 4 – Creation of the phishing e-mail
    • optional: creation of an individual "malware" without actual malicious function
  • Phase 5 – Fine-tuning of the e-mails and e-mail dispatch, bypassing any existing protection mechanisms
  • Phase 6 – Start of the campaign with sending of the e-mails
  • Phase 7 – Anonymized evaluation after the agreed period / generation of statistics
  • Phase 8 – Creation of the results report and provision of an explanatory e-mail

 

 
