PHISHING TEST

Increase employee awareness and improve security
Overview

Strengthen resilience with phishing tests

Phishing is the most common attack vector for infecting employees’ computers with malicious code. In a phishing attack, someone (often by e-mail) claims to be, for example, an employer, bank, authority or another company in order to gain access to sensitive information. Another common variant is to hijack the computers of users who click links in phishing e-mails, often by exploiting known security deficiencies, e.g. in browsers.

To strengthen resistance to phishing attacks, Sentor offers phishing tests. As part of Sentor’s phishing test, we design and implement one or more custom phishing campaigns in a controlled way. These campaigns target a recipient list that is either specified by the customer or established by Sentor through Threat Intelligence and by mapping the customer’s organisation through publicly available sources.

Provides a clear picture of current status and improvement areas

The result of a phishing campaign consists of a number of metrics that clearly indicate the customer’s current status and potential for improvement. One of the deliverables is a report containing the following measurement values:

CTR – Click-Through Rate – Percent of users who click on links.
ILR – Information Leakage Rate – Percent of users who fill in potentially sensitive data on the linked phishing page.
BPL – Browser Patch Level – Patch-level status, in percent, of the browsers that open the phishing page.
FOR – File Opener Rate – Percent of users who open attachments.
OMER – Office Macro Execution Rate – Percent of users who open attached Office files and run macros.
ESR – External Source Rate – Percent of CTR users connecting from IP addresses other than the customer’s own.

Increases the awareness of susceptible employees

Users who click on phishing links in our campaigns end up on an information page that explains how to avoid the same trick next time, reducing the likelihood that the user will be fooled again.

We conduct two campaigns with two different levels in parallel: one that is easier for vulnerable users to detect and one that is harder to recognise. The aim is to measure the organisation’s resilience to different types of attackers, both less qualified ones who target a wide range of targets at the same time and attackers who tailor campaigns to attack selected individuals in a particular organisation with higher precision.

Delivered in subscription form or as separate tests

We deliver phishing tests either as a separate test or in a subscription form with campaigns performed at a selected frequency – e.g. monthly or quarterly. Customers with phishing subscriptions can clearly see trends in metrics such as Click-Through Rate over time, showing how much more resilient the organisation has become through the specific training that each phishing test entails.

In addition, we provide Security Awareness Training, where results and “war stories” from the recent phishing test can be presented to achieve the “aha” effect among employees. Security Awareness Training provides an increased level of resilience for subsequent phishing tests or real phishing attacks.

Would you like more information? Please send your e-mail address and we will get back to you!

More information
What methodology does Sentor apply?

We investigate cybercrime using our well-tested methods. First we track, preserve and prepare evidence. Then we reconstruct all activities in the network at the time of the crime, step by step, documenting times and dates, images and graphics. The result is a solid testimony that clearly and simply visualizes what has happened, what has and has not been done, and who is guilty of what.

Video: BBC visited Sentor

Sentor's technical security consultant demonstrates how easy it is to exploit a security hole in an application and get access to critical information. He even takes control of the microphone and webcam on the journalist’s computer.