PHISHING Simulation SERVICE
PHSS
Phishing is the largest cyberthreat to businesses and consumer worldwide, and the number of recorded phishing attacks continues to grow exponentially. Ransomware phishing attacks don’t usually deliver ransomware. Instead, they deliver a payload that allows the ransomware attacker to start reconnaissance of the organization.
Phishing Delivers Ransomware
| Cause of Ransomware Attack | % of 2021 attacks where it was present |
| Phishing | 45% |
| Malicious Websites | 22% |
| Social Media | 19% |
| Maladvertisements | 13% |
Source: IBM Cyber Resilient Organizations Study 2021
What is Phishing?
Phishing attacks target victims over email and text messages. The goal of phishing is to deceive the victim into sharing confidential information or downloading malware onto their computer.
To execute the phishing attack, hackers create spoofed login pages of popular sites that are designed to steal credentials. The hacker’s goal is to pressure the victim into clicking this compromised link and giving up their password.
Examples of Phishing
All phishing attacks deceive their victims into sharing confidential information. But did you know that phishing can also happen over text message and phone calls, not just email? Hackers can also use different components of the email message — like attachments and the sender address — to make their credential harvesting attempts more successful.
- Domain spoofing: When hackers spoof a website name or email address to convince the recipient that the phishing email comes from a trusted source.
- Business email compromise: When hackers take over an email account after a successful phishing attack and use it to inflict more damage at a company.
- Spear phishing: When specific individuals receive targeted phishing emails.
- Whaling: When hackers use spear phishing tactics to target executives or other high-profile victims.
- Clone phishing: When hackers create copies of pre-existing emails and replace attachments or links with malicious content.
- Smishing: When hackers use text messages to launch phishing attacks instead of email. The SMS text usually has a link to a phishing site or malware download. If not, it will directly request personal information from the victim, who replies back if they fall for the scam.
- Vishing: When hackers use phone calls and voicemail messages to scam victims. They will impersonate a legitimate service or colleague in the hopes of extracting sensitive or confidential information.
- Deactivation scares: Hackers send emails to victims claiming that an essential service like their bank account has been deactivated. To reactivate their account, the victim must click on a link to verify their identity. Of course, this is a phishing link to a spoofed login page that captures their credentials.
Da3mon Computer PHSS
Da3mon Computer phishing simulations are supported by our in-house software platform. In particular, our backend application offers the full set of functionalities required to conduct phishing campaigns:
- Setup of phishing campaigns
- Creation of phishing email template and landing pages
- Integration and selection of targeted users
- Scheduling of phishing campaigns
- Real time monitoring of click rates, time to click, etc.
- Evaluation of the basic phishing and ransomware protection controls implemented by the organization
- Final dashboard with consolidated results
The phishing simulation and associated corporate communications can be optionally complemented by security awareness training focusing on phishing threats.