What is phishing?
Phishing is a type of social engineering attack in which cyber criminals trick victims into handing over sensitive information or installing malware.
This mostly occurs via malicious emails that purport to be from trusted senders, so it is critical to educate your employees about how to recognize phishing emails – and what to do when they receive one.
What is a phishing penetration test?
Phishing penetration testing involves carrying out a simulated phishing attack to assess your staff’s susceptibility to phishing and other types of social engineering attacks.
Combined with targeted staff awareness training, it provides a focused means of reducing the risk of malware compromising your systems.
Speak to an expert
For more information on how our CREST-accredited penetration testing services can help safeguard your organization, call us now on
+1 877 317 3454, or request a call back using the form below
Get in touch
What is a phishing penetration test?
We can use various techniques, including sending an email to your staff that asks them to take actions that could result in them handing over sensitive information, such as usernames and passwords.
We will then assess their responses and create a report to help you understand where to focus staff training.
Book a Simulated Phishing Attack
We can also create a combined simulated phishing attack and a staff awareness Program to test your staff and then provide the training they need to ensure they understand the risks and what to do if they encounter phishing attacks.
Book a Simulated Phishing Attack with a Staff Awareness Program
Is a phishing penetration test right for you?
If you are responsible for your organization’s information security, you should ask yourself:
- What information about your organization is publicly available that could be used to facilitate phishing attacks?
- Are staff vulnerable to phishing and other forms of social engineering?
- Could a social engineer gain unauthorized access to offices and site locations by exploiting weak security measures?
- Could an attacker gain access to sensitive information from mislaid documentation?
- What information could be obtained by someone taking hardware off-site?
Our engagement process
- Scoping – Before testing, our consultancy team will discuss your social engineering assessment requirements to define the scope of the test.
- Reconnaissance – Our social engineering team uses various intelligence-gathering techniques to collect information from public sources about your organization.
- Assessment – Our social engineering team attempts to gain access to the systems and/or buildings that hold the target information defined by you.
- Reporting – The test results will be thoroughly analyzed by an IT Governance certified tester and a full report will be prepared for you that sets out the scope of the test, the methodology used, and the risks identified
- Workshop – Our team can also run a workshop that will help your employees identify and respond to the cyber threats conducted during the exercise.
Did you know?
Proofpoint’s 2019 report 'The Human Factor' found that 99% of cyber attacks use social engineering such as phishing to trick users into installing malware.
How IT Governance can help you
CREST-accredited
CREST-accredited penetration testing services give you all the technical assurance you need.
Choose your test
You can choose the level of penetration test to meet your budget and technical requirements.
Straightforward packages
We are pioneers in offering easy-to-understand and quick-to-buy penetration testing.
Reports you can understand
We provide clear reports that can be understood by engineering and management teams alike.
Our penetration tests comply with the Microsoft Rules of Engagement
For Azure clients, this means we take care to limit all penetration tests to your assets, thereby avoiding unintended consequences to your customers or your infrastructure.
Companies using our penetration testing services
Speak to an expert
For more information and guidance on penetration testing or packages IT Governance offers, please contact our experts who will be able to discuss your organizations needs further.