Attack Simulation Service - Phishing

Feisty Fox Security believes that the most effective method to prevent phishing attacks is to give users the opportunity to learn how to recognise and react to phishing attacks by conducting realistic phishing attack simulations.

Feisty Fox Security defines a phishing strategy in partnership with the business which will educate users into recognising and responding to phishing attacks.

Feisty Fox Security uses open-source data to design the most effective approach to deliver the phishing attack.

Following the execution of a phishing attack, the findings are presented to users during a security awareness session where Feisty Fox Security perform a live demonstration of what would have happened if the phishing attack was real.

Methodology

Feisty Fox Security offers the following scenarios:

• Organisation wide email – A phishing email is sent to all employees. The purpose is to determine the overall level of phishing awareness of the organisation.
• Semi-targeted email – A phishing email is sent to a select group of users (e.g. investigators, finance services, human resources, Information technology).
• Targeted email – A phishing email (i.e. spear phishing) is sent to one specific user (e.g. CFO, System Administrator).
• Lost media – Removable media (e.g. USB pen drive, CD-ROM) is “dropped” in a common area (e.g. kitchen, lift) within the organisations premise. The purpose is to determine whether the media is connected to the core system and staff awareness to this type of threat.
• Phone call – Conducted in conjunction with semi-targeted email, targeted email, and lost media scenario.
• Custom – Feisty Fox Security can design any scenario to meet specific requirements of our clients.

The service can be delivered:

• Once – To provide a snapshot of the phishing awareness level within the organisation.
• Over multiple sessions – To measure the progress of security awareness made overtime. This method is the recommended and most effective method.