Social Engineering

Professional Phishing Prevention

Phishing as a part of IT security

A phishing campaign is often carried out as part of a larger audit project in order to complement a company's security audit and provide a complete overview of the company's security. As with all areas of IT security, social engineering awareness is an ongoing process that must be constantly repeated, varied and improved.

Phishing attacks have increased dramatically and are trending upward. Protect yourself!

What is phishing?

In phishing, the attacker attempts to obtain sensitive information such as access data or credit card information by means of email or fraudulent websites. Posing as a trustworthy counterpart, the attacker exploits the victim's credulity and willingness to help. Phishing is also used to deliver malware to the user: the victim is tricked into downloading harmful files. Phishing is a form of social engineering.

Why phishing?

This type of cyberattack is very popular because criminals can make large gains with relatively little effort. The likelihood that some employees will fall for the scammer's trick is very high. Phishing is an inexpensive gateway for cybercriminals to enter the corporate network or spy on sensitive data.

The best protection is trained employees who know the threat scenarios and take IT security into account in their daily work.

Benefit: Why phishing prevention pays off for you.

Today, investments in technical protection measures alone are no longer enough.
Phishing simulations and awareness campaigns bring the following benefits to your company:

  • The awareness level of employees is determined and shows where there is potential for improvement.
  • Trained employees provide valuable protection against cyber attacks as a human firewall.
  • This means that a cyber attack can be detected early - costly malware attacks are prevented.
  • You can avoid image damage and bad press for your company.
  • Security guidelines support employees in the correct behavior in the event of social engineering.
  • Collaboration between employees and the service desk shows where processes should be optimized.
  • Further insights into the potential for improvement on a technical or software-based level.

Professional phishing prevention

The most important defenses are therefore awareness measures together with technical protection mechanisms such as malware scanners, sandbox solutions or blocking of known phishing IPs. The human being is always the weak point in phishing. He or she decides whether to click on or open an email attachment without thinking, or to delete it.

IT service providers have recognized the problem of insufficient awareness of phishing and offer complete social engineering frameworks. These make it possible to run extensive campaigns on the handling of sensitive information and to raise awareness of phishing. Part of this can be fake phishing attacks to detect vulnerabilities.

Social engineering frameworks offer the following functionalities, among others:

  • Creation and sending of phishing emails directly from the framework (administration, recipient, sender, mail server, etc.)
  • Simplified creation and hosting of a phishing site (copying of existing pages, SSL configuration, redirection, templates)
  • Generation and execution of file-based simulations (MS macros, EXE files, PDFs, etc.)
  • Evaluations of the campaign (success rate, transmitted data, executed files, possibility of anonymization, geo/browser/operating system information)
  • Sending of training material (web-based online training, educational videos, online quizzes, etc.)
  • Automatic generation of a report

Social engineering framework in use at terreActive

terreActive relies on the solution of the Swiss company LUCY Security. LUCY offers a diverse range of features, phishing simulations, awareness training, reporting as well as other services. This platform is regularly updated and permanently developed to keep up with the hackers' techniques. terreActive is an official LUCY partner and has several years of experience in the field of phishing simulations, infrastructure tests as well as awareness training for employees. Ask for our references!

Protect yourself from phishing! We support you.

At terreActive, you can choose from two offer variants. You decide whether you only want to take advantage of a phishing simulation or awareness training, or both for maximum security.


The targeted phishing attack as part of the security awareness campaign was an educational experience for all of us. Thanks to this example of social engineering, we know what an attack might look like, meaning that we are prepared for it.


Fabio Semadeni
Head of Services
Bank SLM

For those who want to know even more – more information about phishing

Types of phishing

  • Phishing in mass mailing: Very broadly designed attacks with as many recipients as possible. The mail message is usually formulated very impersonally and is easy to unmask.
  • Spear phishing: The targeted attack is usually aimed at a single person or a small group of people. The mail message is highly personalized. Because of the extensive research done beforehand, it is more difficult to unmask the fraud attempt.
  • Whaling: A spear phishing attack directed at high-ranking corporate members.
  • Smishing: Phishing by SMS.

Six simple ways to recognize phishing

  • The sender pretends to be a familiar company (e.g. “PayPal Customer Support”)
  • Compromised attachments (e.g. zip files)
  • Intimidation tactics (e.g. “Overdue invoice”)
  • Impersonal salutations (e.g. “Important message for all PayPal customers”)
  • Manipulated links (link is displayed as www.paypal.com/login, but leads to www.hackersite.com)
  • Fake domain names (a domain such as www.payppall.com or www.paypal.customerssupport.com is used)
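
The last two signs in the list (manipulated links and fake domain names) can also be checked mechanically, for example in a mail filter or a reporting tool. The following is an added example, not part of the original page and not terreActive's or LUCY's tooling; the allow-list `KNOWN_DOMAINS`, the 0.8 similarity threshold and the sample mail body are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_DOMAINS = {"paypal.com"}  # assumption: brands your users legitimately receive mail from
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
# Constructed sample mail body (not from a real message)
SAMPLE = """<a href="http://www.hackersite.com/login">www.paypal.com/login</a>
<a href="https://www.payppall.com/">Log in</a>
<a href="https://www.paypal.customerssupport.com/">PayPal Customer Support</a>
<a href="https://www.paypal.com/login">www.paypal.com/login</a>"""

def host(url):  # lower-cased hostname without "www.", tolerating a missing scheme
    h = (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def registrable(h):  # simplification: last two labels; real code should use the Public Suffix List
    return ".".join(h.split(".")[-2:])

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text):
    findings, target = [], registrable(host(href))
    if URLISH.match(text) and registrable(host(text)) != target:
        findings.append("displayed-url-mismatch")   # link text names another site
    for brand in KNOWN_DOMAINS - {target}:
        if brand.split(".")[0] in host(href).split("."):
            findings.append("brand-in-subdomain")    # e.g. paypal.<other>.com
        elif SequenceMatcher(None, target, brand).ratio() >= 0.8:
            findings.append("lookalike-domain")      # near-miss spelling
    return findings

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

`scan(SAMPLE)` returns one list of findings per link; an empty list means none of the three checks fired, not that the link is safe.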

Experience brings efficiency

Reduce your own effort and achieve results faster by taking advantage of terreActive's experience from extensive social engineering projects. Thanks to our security know-how, we can implement your desired campaign in a technically professional manner. A detailed report provides you with comprehensible documentation for different target groups. This allows you to work on and eliminate your weak points even after the social engineering project.