PHISHING AWARENESS

Our flexible Phishing Awareness solution provides insightful and informative user testing & education to strengthen your cyber-security defences.

WHAT IS PHISHING?

Phishing Hook Phishing emails are fraudulent attempts to steal information or infect the computer you are using with malware. An important way to protect yourself is to learn how to recognise a phishing email attempt.

Those easiest to spot pretend to come from sites, services or companies that you don’t recognise nor have accounts with.

Harder to identify emails appear to come from well-known organisations that you may have an account with. They often ask for a range of information, from usernames and passwords, to credit card numbers or other useful information.

The most sophisticated attempts will utilise personal information, lending them much more credibility.

HOW DO CRIMINALS STEAL INFORMATION?

Phishing Rod In order for Internet criminals to successfully ‘phish’ your information, they would usually direct you to a fake website that resembles the original.

This is often done by providing a ‘link’ within the phishing email that they want you to click. The fake site would then prompt you to enter additional data.

SERVICE FEATURES

Engaging awareness materials and resources

Templates mimic prolific phishing attacks

Bespoke communications and phishing templates

Whale & Spear phishing assessments

Pre and post-campaign vulnerability assessment

Includes communications, assessment, and evaluation

SERVICE BENEFITS

Train employees in a positive and encouraging manner

Analysis of risk level and weak spots within your organisation

Learners able to identify and mitigate phishing attacks effectively

Comprehensive audit trail to assist in compliance of standards

Assess incident response capabilities

Monitor improvements and quantify campaign effectiveness

Heightened awareness of phishing attacks

HOW CAN THINKMARBLE HELP?

phishing-teaching The simulated phishing campaign offered by ThinkMarble is an effective way of teaching your staff about phishing, and how not to fall foul of it.

It’s designed as an educational exercise and not a punitive one. To ensure that your staff see the journey as a positive, with mutually beneficial outcomes.

OUR PHISHING AWARENESS PROCESS:

BASELINE SCOPING

An initial scope discussion will provide a baseline understanding of the phishing awareness within your organisation, and the key performance indicators required. This will enable us to create an appropriate campaign plan and schedule.

We will leverage existing resources such as existing suppliers, corporate contacts, and internal departments to provide realistic looking emails.

CREATING THE CAMPAIGN

Following on from the scoping discussions, we will craft tailored, targeted, and authentic looking emails that purport to be from recognised sources. This is the same approach taken by phishing attackers.

These emails will attempt to entice users to click links to associated websites. They will have a similar appearance to their genuine counterparts, but will solely be used to try and capture user credentials.

GONE PHISHING

Our analysts will start the campaign according to the agreed schedule and frequency. This will usually take between four and six weeks. The users on your recipient list will then start receiving emails. The progress of the campaign is then tracked by our analysts with staged reporting. Review discussions will be completed as necessary.

REPORTING & RECOMMENDATIONS

We will produce a series of reports for you that will break down how your staff are interacting with the campaign. These will comprise:

Weekly Reports

Information provided include the number of emails sent, delivered and clicked (including the number of clicks).

Final Report

This comprehensive report allows you to highlight specific areas in your organisation which would benefit from further training.