Phishing is an attempt of a foreign entity pretending to be a legitimate entity, extracting sensitive information such as passwords, usernames or financial data.
Phishing is usually performed through an impostor sending messages or e-mails under the name of someone familiar, by sending a link with leads to a fake site where the user is required to enter a user name and password and other sensitive data.
Cyber360 provides a Phishing service in order to raise awareness among the organisation employees and to thereby reduce events of sensitive information leakage. Depending on organisation’s needs, the service can be provided once or on a periodic basis, and can be target-focused or widespread.
Cyber360 will provide a presentation that summaries the activities and includes examples, screenshots and more. In addition, the customer can get statistics and a full mapping of workers’ actions to help them to improve in the future and to assess the success of the campaign.
Alongside advanced technology and the development of computer and network systems, human resources remain the most important and influential force in the world we live in.
Looking at the business world, it is easy to see that human creativity is an irreplaceable asset in the success of an organisation, but creativity is fraught with many dangers. In addition to threats from outside the organisation, there are those who work toward personal gain at the expense of success, stability and survival of the organisation.
There are various ways and methods used by malicious entities for obtaining information and other resources from your organization. Among these ways can identify two main trends:
Cyber360 has established an operational training unit on social engineering, which is operated by employees with experience in different units. We perform social engineering activities, including setting up the methodology, staffing and treatment chain of these events. The activities include intelligence gathering from various means, building fraud schemes according to the outline given to customers, or prepared according to a scenario developed by the company (Custom Attack Scenarios).
We set up Phishing fraud attempts, physical impersonation and attempts to infiltrate physical protection controls, identifying a specific target that we have gathered information on through visible means and others, going as far as attempts to insert malicious code to those organisations using the same targets. We emphasise attention to detail, and the construction of reliable simulated attacks both at an advanced technical level and at the level of social engineering itself. These goals are achieved through a deep familiarity with the means of obtaining information and reconnaissance capabilities built over the years.