According to the IC3, $1.2 billion was lost in 2018 to email account compromise.
Our team will simulate an advanced attacker, conduct Open Source Intelligence (OSINT) collection on a set of employees, and carefully develop a scenario around them. These campaigns can be email-based or phone-based, with the primary objective of remote code execution on an employee workstation.
Employees are susceptible to executing malicious commands from an attacker impersonating corporate IT
Payroll/HR divulges Personally Identifiable Information (PII) of targeted employees over the phone or through email
IT Help Desk will bypass policy to reset employee passwords
Automated Phone Directories allow an attacker to contact specific employees for compromise
A unique scenario will be developed that matches your corporate environment and used to target a large group of employees. Detailed metrics derived from the results will determine where your current training program is working and how it can be improved.
Security controls fail to detect domain impersonation
Employees accept malicious 2FA push once credentials are compromised
Current training program does not account for the latest phishing techniques