How do Hackers gain access to sensitive information?

They ask for it.

Don’t let your staff get hooked! Start minimizing the risk today

Managed-phishing-simulation-service

What is Phishing

Phishing is the technique used to derive sensitive information for ill gain, from an unsuspecting individual using email. It is estimated that Phishing attacks account for more than 80% of reported security incidents.

Phishing can lead to Ransomware and Malware attacks that can cripple a company, rendering it unable to conduct business or sales operations. The clean up costs of a Phishing attack can be in the tens of thousands of dollars and reach as high as 100K after cleanup costs.  Additional damage can come from the loss of consumer confidence and trust.

SecuPhish is a Phishing simulation platform that has been developed to conduct controlled, simulated phishing attacks designed to coerce a targeted user into divulging sensitive information that could be used in a real Phishing attack. Data is collected and reports are produced that highlight user actions that may put the company or individual at risk of an attack.

The SecuPhish Phishing Simulation Service has been developed by SecuSolutions and is fully managed by SecuSolutions Security Staff.

Statistics

Phishing attacks account for more than 80% of reported security incidents. (CSO Online)

Email is responsible for propagating 95% of all malware. (source IT Chronicles)

88% of organizations worldwide experienced spear phishing attempts in 2019. (Proofpoint)

The top malicious email attachment types are .doc and .dot which make up 37%, the next highest is .exe at 19.5%. (Symantec)

ransomware-managed-phishing-simulation-service
Security-penetration-testing

The Benefits

The cost of a system outage due to a security breech, ransomware attack, or other malicious attack can carry a substantial negative financial and reputational impact.  Phishing simulation testing is the best way possible to measure a corporation’s awareness level, of a Phishing attack.  Powerful reporting features help pinpoint user actions that quickly identify any areas of concern needing attention. Follow up training can be provided to help the user recognize the signs of Phishing attempt. This dramatically reduces the probability of a successful attack that could cause system compromise, downtime, and the costs of recovery.   

1

Improve Security Awareness

  • Heighten user awareness
  • Reduce the probability of attack
  • Improve staff morale – reduce negative communication about inadequate security protocols spoken internally or externally

2

Boost Consumer Confidence

  • Demonstrate the commitment to security and safety of client data
  • Improve corporate image

3

Maintain Investor or Shareholder Confidence

  • Mitigate risks to the corporation
  • Demonstrate a proactive vs reactive stance on security issues
  • Tactically Deployed covert or overt phishing simulations that are strategically planned together with our partners or customers to ensure maximum results.
  • Painstakingly Detailed email templates and landing pages that look as authentic as any original might.
  • Closely Monitored activity and user actions that measure the effectiveness of the campaign and level of awareness of the user.
  • Pinpoint Reports that reveal user actions, that help to determine problematic areas of concern.
security-phishing-simulations

Phishing Campaign Strategy Session

Free prelaunch meeting with the client to define scope conduct intelligence gathering and to determine goals for the campaign.

Phishing Campaign Results Review Session

Free post campaign session to discuss the results of the phishing simulation. Review user actions, make recommendations and plan the next campaign.

Advanced Reporting

Keep track of your company’s ROI. Powerful reports that provide important information that track user actions, and measured improvement over time.

Archivable Data

Always available all the time. Need to refer in time back to a specific campaign or user group? We archive our campaigns for reference based on our archiving options.

Custom Developed Email Templates*

Hackers don’t use recycled email templates found in DIY Phishing simulation applications, they craft their own and so do we. Each template is developed using the latest coding techniques to help bypass spam filters ensuring that the email meets the intended target.

Custom Developed Landing Pages*

Landing pages that match the emails templates we develop. A poorly developed landing page will easily be detected by a suspicious user. We go to great lengths to ensure they look as authentic as the real deal.

Managed

Each campaign we deploy is assigned to a Master Phisher that will monitor the campaign from deployment to report delivery.

Whitelisting Support

Whitelisting instructions are offered to all our partners or customers to ensure the emails hit their intended targets.

Scheduled Campaigns

To ensure effectiveness, careful planning goes into each campaign to trickle out the emails over a period of time. We will separate groups of users to avoid alerting users, and to limit the detection of hypersensitive spam filters.

Expertly Executed Covert or Overt Campaigns

If your mission is to covertly record user actions without them knowing for a later discussion, or to provide an instant “teaching moment” by way of a message or instructional video, we have you covered.

Support

Partner or Customer email support provided within 24 hours of a reported issue.

*Note a total of 4 custom emails templates and 4 custom developed landing pages are included in the yearly license agreement.    

.

phishing-simulation-service

Fee Based Options

Additional Phishing Campaigns

If four campaigns are not enough to run in one year, more campaigns can be deployed. Each additional campaign includes one customized email template and landing page.

Remote Online Training Sessions

Do you have the need for in person training for groups, or individuals would you like to host an event on security training? We offer remote training sessions with experienced security professionals that can customize a training session that will address any specific security training requirement.

Spear Phishing One Off Campaigns

If you have a specific need to conduct a special spear phishing campaign on select individuals or groups, we can support your needs.

Customized Video for Inclusion in Campaign

Get the message across in an impactful way with an instructional video message that can be triggered by a user action. This “teaching moment” is ideal for companies that want to reach the users with a message that will help them to understand the dangers of their action.

ransomware-managed-phishing-simulation-service

Partner Benefits - SecuPhish Phishing
Simulation Service

phishing-simulation-service

Access to the Growing Security Market

Through partnership with SecuSolutions, our partners gain access to the security market and all the additional opportunities in Security Training, Consulting, and other Managed Security Service offerings available through SecuSolutions

phishing-simulation-service

Recurring Revenues MRR

Due to the need for consistent ongoing testing and strong customer retention, our partners realize ongoing recurring revenues through multi-year agreements and subscription renewals.

phishing-simulation-service

No Front Load Costs

Pay for what you sell. No obligation to prepay for Phishing Simulation Services. Reasonable payment terms available.

phishing-simulation-service

Generous Partner Discounts

Our Partners receive favorable costing on our services that allow for substantial margins.

phishing-simulation-service

Ancillary Sales Opportunities

As a result of the Phishing service a heighten level of security awareness usually occurs, which opens additional sales opportunities to offer products or services our partners provide.

Managed-phishing-simulation-service

Rapidly Deployable

Post Phishing Campaign Strategy session, which is included in the service, campaigns usually commence within 3 to 5 business days.

Managed-phishing-simulation-service

Full Sales Support

We realize that selling security can be a challenging task. As such we offer our partners extensive training and sales presentation support. We will assign a member of our team to offer assistance where needed as needed.

Managed-phishing-simulation-service

Marketing Collateral

we have assembled a library of documentation, videos, and marketing material for use by our Partners. If you need help critiquing a marketing piece you created, we can do that. If you need some marketing guidance, we can offer that too.

Frequently Asked Questions

A fully managed Phishing simulation includes a series of critically important elements that are imperative to a successful phishing campaign. The aim is to get the user to commit to an action, open email, click on links and submit data.

Special emphasis is placed on the customized development of Phishing email templates that are developed by SecuSolutions. Care is taken to ensure that they do not contain elements that are easily detected by spam filters. Each template that is used, is developed by a security professional to ensure that the probability of success is as high as can be expected.

The landing pages that we develop are also created by a security professional who pays close attention to its authenticity and appearance so that the end user is unassuming and is more likely to commit to submitting data or committing an action. That is the goal of a Managed Phishing Campaign effort.

Due to the constant evolution of spam technologies, many “off the shelf” phishing services that companies offer, are unsuccessful at reaching their intended audience or users. The reason is that the email templates that are included in these offerings are basic and not developed to omit certain content or data that spam technologies have been developed to detect. If the emails are caught in spam filters, user actions cannot be measured as they may never see the phishing simulation template that was intended to reach the user.

Another challenge that DIY phishing services have is that they are often used without any strategy or planning in place. Failed deliveries, emails caught in spam filters and low user action rates are just a few of the reasons off the shelf phishing simulations are not effective.

Above all else, Hackers don’t use these services because they are simply not effective.  Hackers craft their own emails and landing pages to ensure they get through to their intended victims. So do we.  

Phishing is the number two most common cyber-attack. It is how a hacker or bad actor delivers a malware or ransomware attack. A practical test that is conducted in a controlled environment is the best way to measure a user’s reaction to a simulated phishing attack. It is a true test of awareness.

A phishing simulation test report will contain user actions such as opened emails, clicked links and submitted data. These actions produce variable results that can be measured and used to heighten user awareness and mitigate risk to the corporation.

Since all our Phishing Simulations are fully managed, there are several unique options available to the company that has initiated the campaign. These options will be discussed in our pre-launch session

The steps are as follows:

  • A questionnaire is provided to the Partner or Customer to help gather some vital information
  • A pre campaign meeting is scheduled and held with the Partner or Customer and a strategy is put in place for the campaign.
  • The email and landing pages are developed by SecuSolutions, and the campaign is launched according to a schedule
  • Campaign results are sent to the Partner or Customer and a campaign wrap up meeting is held with the Partner or Customer

Since all our Phishing Simulations are fully managed, there are several unique options available to the company that has initiated the campaign. These options will be discussed in our pre-launch session

The steps are as follows:

  • A questionnaire is provided to the Partner/Customer to help gather some vital information
  • A pre campaign meeting is scheduled and held with the Partner/Customer and a strategy is put in place for the campaign.
  • The email and landing pages are developed by SecuSolutions, and the campaign is launched according to a schedule
  • Campaign results are sent to the Partner Customer and a campaign wrap up meeting is held with the Partner/Customer

A covert campaign is done without the targeted user having any prior knowledge of the phishing campaign. It is the preferred method by many companies that want to capture user actions and responses to phishing emails without the users “being on alert”, due to prior knowledge of an upcoming campaign.

An overt campaign is done with the targeted user being aware that a campaign is being conducted. The campaign emails typically include a “teaching moment”. This teaching moment can include a pop-up message that appears after a link is clicked or data is submitted. The message appears on a landing page that we develop and can include tips on identifying a phishing email, it can also include a short training video on Phishing.

In either case, user data is recorded and presented in the report provided to the Partner Reseller