Phishing is the art of enticing a victim to click on a malicious link and is a common component of our wider social engineering and scenario-based (simulated attack) testing engagements.
Phishing-style attacks include both generic emails sent broadly across an organisation and spear phishing attacks, where specific individuals are targeted.
At 7 Elements, our focus with phishing engagements is to deliver a real-world phishing experience. This enables our clients to understand how vulnerable their employees are to phishing and highlights areas of concern. Our phishing approach utilises technical controls and domains purposely selected for that specific engagement. By creating bespoke phishing campaigns that are focused on the target organisation and by tailoring technical configurations, 7 Elements are able to pre-validate email campaigns to ensure that they are not marked as spam or spoofed mail and appear to be from a legitimate source. This approach increases the likelihood of bypassing common anti-phishing controls, resulting in a real-world phishing experience.
As an example, during a recent engagement, 7 Elements were engaged to conduct a targeted and generic phishing attack on a financial organisation. During the generic phishing phase, utilising our internal phishing platform, 7 Elements were able to entice 82% of the target audience into clicking on a malicious link within the email. Doing so resulted in 7 Elements gaining control over the end users' browsers.
If you would like to explore your organisation's exposure to phishing, then please get in touch with our team to discuss how we can help.