Social Engineering – Phishing
Research shows that more than 90% of all successful computer-system intrusions and ransomware incidents begin with a phishing attack. Are your employees able to identify social engineering and phishing messages in good time? This is crucial for ensuring your company’s resilience and preventing damage. Even though most phishing messages are intercepted by a variety of technical measures, it is inevitable that a message with malicious intentions will eventually reach a reader. Our phishing services aim to ensure that that reader is sufficiently vigilant to identify this and take appropriate follow-up actions.
What is phishing?
The term “phishing” probably needs no explanation. Still, it is good to know that it comes in many different forms. The medium can vary, with email being the most common, but phishing also occurs via text messages or the telephone (voice phishing). Phishing content has improved greatly in recent years, making it increasingly complex to expose phishing messages. What is more, attacks are increasingly targeted (spearphishing) because the internet provides all kinds of information to enable specific attacks. One example is CEO fraud, where messages are sent in the name of an executive asking the recipient to transfer a certain amount of money (as soon as possible!).
The consequences of a phishing attack are particularly severe. In many cases, an attack – or even a single click – leads to malicious malware penetrating an environment. Consequences like data theft or data encryption (ransomware) lead to normal business operations being disrupted, recovery costs and reputational damage. The victim may be fined or sanctioned because it had taken insufficient measures to prevent the consequences, or to remedy them properly and in good time.
The measures you take to prevent phishing messages from reaching an employee of your company will never be watertight, so you will need to educate your employees on recognising them and taking the proper follow-up steps.
Neem contact met ons op.
About Cuccibu’s phishing services
Our phishing – or social engineering – services take several forms. Naturally, we offer simulated phishing attacks in all possible forms (email, text, app, voice, etc). We can conduct a one-off simulation to assess the level the company is at, but we can also carry out tests at various times throughout the year to encourage ongoing awareness. Cuccibu has numerous scenarios and we are happy to discuss them with you in order to choose the right simulation for your company. During this process, we will also pay attention to the steps to follow after identifying or clicking on a phishing message and the applicable actions to improve the situation.
In addition to sending emails to (parts of) the company, we also offer very specific simulated attacks. We may for example add other companies from the chain, like an IT service provider. We can also test specific scenarios like in a spearphishing attack. Another tool we like to use to make companies resilient is “gamification”.
We are always happy to provide your company with tailored, comprehensive simulations – for example with OSINT or mystery guest visits – or subscription-based methods to raise awareness, including workshops, e-learning, information materials and periodic interventions!
Interested or have any questions?
Please feel free to contact us! We would be happy to help you find the Please feel free to contact us via sales@cuccibu.nl We would be happy to help you find the solution that best suits your company’s needs.
“We believe that you create added value through secure and responsible digitisation. This leads to opportunities for individuals, companies and society as a whole.”