PHISHING EMPLOYEE TRAINING
Service Description
Phishing attacks can vary in appearance and intent – whether being sent a seemingly legitimate LinkedIn request or being prompted to enter your login credentials on a site that looks like your own – your employees need to know what a phishing attack looks like. CAG provides a managed phishing campaign service that imitates a phishing attack to test the behavior of an organization’s staff. At the end of the campaign, the results and analysis are presented to the client team.
CAG will send a phishing email to 25 employees – this list of employees will be provided to your company leadership.
Our Methodology
CAG will target the global client staff of 25 employees.
- This attack is meant to mimic phishers attempting to gain clicks or credentials, not an attack meant to test the capacity or effectiveness of the email spam filter.
- CAG will allow client to approve the email templates before distribution.
- Distribution: CAG will be whitelisted to send the emails. This phishing attempt is not a penetration test of the client spam filters, but a test of the heuristics (behaviors) and training of the client staff.
- CAG will provide 24 hours-notice before sending out to the client population.
- CAG will gather and analyze the results of the campaign and prepare the findings in a report with metrics that will enable decision-making.
CAG will make recommendations as to the types of training that should be conducted in order to remediate those that click-through on the phishing attempts.
Our Deliverables
In addition to the usual status updates and meetings, we will deliver the following:
- Execute a Managed Phishing Campaign
- Report of findings and recommendations
