Phishing Vulnerability Testing

Gone Phishing

An email arrives from Wells Fargo. (Or Chase. Or Bank of America. Or BB&T.) Your account has been flagged for possibly fraudulent activity. It is urgent that you log in and verify your recent activity. For your convenience, the email contains a link to the bank’s secure website. You click on the link, and a browser window opens. There’s a familiar logo at the top of the page, sophisticated graphics, blurbs about new mortgage rates. You enter your user name and password in the usual place. 

Your banking information has just been hacked.

Another email comes in, this time from someone in your Human Resources department. Turns out the company is evaluating potential health insurance providers for next year’s open enrollment, and you have one week to respond to a survey. The letter contains a link to the survey website. You click on the link (after all, it came from someone you know), and are redirected to a site that asks three minutes’ worth of innocuous survey questions. Which is longer than it takes to infect your computer with malicious code.

Phishing and spearphishing are the most widely used techniques for perpetrating cybercrime today.

  • Phishing emails cast a wide net. Tens of thousands go out indiscriminately from senders that look remarkably like your bank, or PayPal, or Uncle Sam.  
  • Spearphishing attacks target specific users or groups of users (your employees, for example). They often appear to come from someone you already know or trust, whose email signature has been spoofed for exactly that purpose.

SLPowers can show you how vulnerable you are, and how to prevent your employees—and your company—from becoming victims.

We use the same sophisticated phishing and spearphishing techniques used by cybercriminals to test your environment. We will send these emails to your staff and document their subsequent actions. This can yield positive or negative outcomes, often both from the same email. Some users will inadvertently click on the link; others will notify your IT department that something “fishy” has come in.

Your SLPowers phishing report will confidentially document who did what, and how many of your staff fell victim to our various pre-approved “scams.” And it will outline an employee education program that makes it much less likely that they will put their own privacy, and the integrity of your network, at risk in the future.

Our live training consists of fun, interactive sessions in which true stories of actual incidents resonate with users long after the session ends.

It is supplemented with an ongoing e-learning program to keep your people up to speed on the newest techniques they need to watch for. Our e-learning platform also makes it easy to test (making sure the right messages are getting across), and easy to document (keeping regulators happy).

Contact us today, and sleep easier tonight.